last executing test programs: 2.125731875s ago: executing program 1 (id=250): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) read$FUSE(0xffffffffffffffff, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'ovf\x00', 0x21, 0x4000ffc, 0x6f}, 0x2c) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000000004000d0001007564703a73"], 0x54}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x4000000) 1.486400127s ago: executing program 0 (id=262): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f0000000100)='./file0\x00') madvise(&(0x7f0000720000/0x2000)=nil, 0x2000, 0xc) bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) r0 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f00000005c0)=[@in6={0xa, 0x4e23, 0xfffffffb, @ipv4={'\x00', '\xff\xff', @empty}, 0x5}], 0x1c) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000240), r5) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000280)={0x4c, r6, 0x815, 0x70bd2d, 0x25dfdbff, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x80}, {0x6, 0x11, 0xf}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4048000}, 0x4000002) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0500263d7000fc7196967400000008000300", @ANYRES32=r4], 0x28}, 0x1, 0x0, 0x0, 0x24040084}, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300d374e7924d172e8c0000fe80000000000000000000020000fe800000000000006a113c50000000aa0000000500000c980a0010002b000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="00000004000000007f00000000000000070000000001000003000000000000000000000000000000fdffffffffffffff0500000000000000ffffffffffffffff6e6500000000000000000000000000000000000000000000070000000000000000000000000000000101020000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x84811}, 0x0) r8 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r8, &(0x7f0000000180)={0xa, 0x4e24, 0xb, @mcast2, 0x9}, 0x1c) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r11 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000001c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r11, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010040000000000002034400000008000300", @ANYRES32=r12, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140002"], 0x4c}}, 0x0) recvfrom$x25(r1, &(0x7f0000000300)=""/203, 0xcb, 0x1, 0x0, 0x0) pwritev2(r1, &(0x7f0000000980)=[{&(0x7f0000000500)="be81", 0x1f01e}], 0x1, 0x5, 0xa, 0x14) 1.149651018s ago: executing program 1 (id=271): r0 = syz_open_procfs(0xffffffffffffffff, 0x0) pread64(r0, &(0x7f0000002140)=""/17, 0x11, 0x0) 1.149181231s ago: executing program 1 (id=273): r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffa) r1 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, r0) pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00') preadv(r3, &(0x7f0000000280)=[{&(0x7f0000000380)=""/218, 0xda}, {&(0x7f0000000a00)=""/4096, 0x1000}], 0x2, 0x14a, 0x0) keyctl$restrict_keyring(0xa, r1, &(0x7f0000000380)='asymmetric\x00', &(0x7f0000000240)='\x00\x06\x00 \x00\x00\x00') madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, 0x0, &(0x7f0000000640)=@secondary) r4 = syz_clone3(&(0x7f0000000580)={0x2000, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0), {0x1b}, &(0x7f0000000480)=""/254, 0xfe, &(0x7f00000002c0)=""/157, &(0x7f0000000200)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0], 0x6, {r2}}, 0x58) syz_open_procfs(r4, &(0x7f0000000600)='net/psched\x00') msync(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x5) 1.039662766s ago: executing program 1 (id=275): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan1\x00', 0x0}) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYBLOB="010000000000000000008100000008000300", @ANYRES32=r1, @ANYBLOB="0a000600ffffffffffff000006006600c78800001c0033"], 0x4c}}, 0x800) 1.038819642s ago: executing program 1 (id=277): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x80, 0x0, 0x200, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_PMK={0x14, 0xfe, "578a6d7c33473eb8e1008c766d6aa59c"}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x61}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x42}, @NL80211_ATTR_PMK={0x14, 0xfe, "983cf4b529e7d6be0f039705b0f221fa"}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x10}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_PMK={0x14, 0xfe, "1cb2cabe4df911109ffb2372bd97cf80"}, @NL80211_ATTR_SSID={0xa, 0x34, @random="3950a769fe0b"}]}, 0x80}}, 0x10) sendmsg$NL80211_CMD_SET_WIPHY(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0x8, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xc}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x4cac}, @NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x30004040}, 0x0) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000240), r0) sync() syz_genetlink_get_family_id$SEG6(&(0x7f0000000280), 0xffffffffffffffff) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000340)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_INTERFACE(r0, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, r2, 0x100, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, ["", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x24004010}, 0x4) sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x28, r2, 0x8, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0xa5, 0x63}}}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4c0e4}, 0x40084) r4 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000540), 0x0, 0x0) ioctl$CDROMSETSPINDOWN(r4, 0x531e, &(0x7f0000000580)=0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000600), r0) sendmsg$TIPC_NL_KEY_FLUSH(r4, &(0x7f0000000880)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000640)={0x1d0, r5, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x7}]}, @TIPC_NLA_LINK={0x64, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6929}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffff8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_SOCK={0x80, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xc0000000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fff}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}]}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x100}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xc3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}]}]}, @TIPC_NLA_PUBL={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x311}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x6}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x800000}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3000}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8001}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xff}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffffff7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xd}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7e}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x80000000}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xaa7d}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}]}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x20040050}, 0x24000844) r6 = socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$sock_inet_SIOCGIFADDR(r6, 0x8915, &(0x7f00000008c0)={'nicvf0\x00', {0x2, 0x0, @initdev}}) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000a40)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000a00)={&(0x7f0000000940)={0xa8, r1, 0x4, 0x70bd29, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x7}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x48, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x9}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xc}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @broadcast}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x14}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xfffffffd}, @MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1e}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x1}]}, 0xa8}, 0x1, 0x0, 0x0, 0x4008810}, 0x0) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000ac0), r0) sendmsg$IPVS_CMD_GET_SERVICE(r4, &(0x7f0000000bc0)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b00)={0x64, r7, 0x400, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xdf9}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xfff6}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x10001}]}, 0x64}, 0x1, 0x0, 0x0, 0x15}, 0x4050) sync() ioctl$sock_inet6_udp_SIOCINQ(r4, 0x541b, &(0x7f0000000c00)) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f0000000c40)={'veth1_macvtap\x00', {0x2, 0x0, @private}}) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f0000000c80)={0x0, 0x7ff}, &(0x7f0000000cc0)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r4, 0x84, 0xf, &(0x7f0000000d00)={r8, @in={{0x2, 0x4e23, @broadcast}}, 0x1, 0x2, 0x400, 0xabb, 0x6}, &(0x7f0000000dc0)=0x98) sync() sync() sync() sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000001080)={&(0x7f0000000e00)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001040)={&(0x7f0000000e40)={0x1f4, r2, 0x800, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x37}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x3}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x988}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x3c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0x12, 0x2, "3113739c327d8d1654608bafd62b"}}, {0x14, 0x0, 0x0, 0x1, @NL80211_PKTPAT_MASK={0xf, 0x1, "63a6ce120b34d3ad7aed83"}}, {0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x1}}]}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x184, 0x3, 0x0, 0x1, [{0xbc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0xb8, 0x2, "97af8458d6b3e20efc838a2df4994b7087e027afd2f503b6f1fed2d64e49c23c95526306fcd9d3322af60f9c40d586959cd15d62f6fab46a0635614b90a4ff45d2ebf45c79517b6a5bc12e41f601f056c079d116c2ed0242e9a34438d0f40d6178c20b5ebc87907805b2d47a310d850a62386ac761af9f4f846b9846333886fefa822f31e54b3abfe69521460f96057c7cd80875ce2f7bdfdb0c5804be42ef36573fe3a7b23cae64285b5b535216ba8a8ee1d598"}}, {0xc4, 0x0, 0x0, 0x1, @NL80211_PKTPAT_MASK={0xbe, 0x1, "0743c2006c4e8f6d470ad9c70eb0d701938ffd751e1326b8a0e78fa6e586cf85054622cfd302f6051bcb28dc21d2d3147f4ed3e88bcb30005f45d9def370356bdbf484432aa18578034a12a1e94a19a3e88600e68ba7bee88dc365122700ba3d88c052d06dc96fd9cc1f7b8812dc6333d0f4343f4978d49aa3cae61ae1c1da8242321bd3422c6db1d297bbfbab7186b13d546bb7dbc6bbc76f9e61bd3c3c815441fa2fde0b211f6d34a452d2200ede78e2eda9edf622e4997b99"}}]}]}, 0x1f4}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) sync() connect$pppoe(0xffffffffffffffff, &(0x7f00000010c0)={0x18, 0x0, {0x1, @link_local, 'lo\x00'}}, 0x1e) 837.886039ms ago: executing program 1 (id=282): r0 = socket$inet6(0xa, 0x2, 0x3a) sendto$inet6(r0, &(0x7f0000000000), 0x0, 0x4000, &(0x7f0000001100)={0xa, 0x0, 0x0, @loopback}, 0x1c) readv(r0, &(0x7f0000000400)=[{&(0x7f0000000040)=""/212, 0xd4}], 0x1) 751.793608ms ago: executing program 2 (id=284): syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) socket$nl_route(0x10, 0x3, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x6, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x0, 0x80, 0x2, 0x3, 0x8, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0xff, 0x0, 0x5, 0x4, 0xfffffffd, 0x50, 0x3c5b, 0x5, 0x24, 0xd, 0x2, 0x4, 0xffffffff, 0xe661, 0xfffffffe, 0x7, 0x3, 0x400, 0x4c74, 0x80000000, 0x243, 0x3, 0x2e, 0x0, 0x8000806e, 0x7, 0x4, 0x1, 0xfffffffa, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x8, 0x0, 0x6, 0x3, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0x2, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bb, 0x6c7, 0x2, 0xfffffffc, 0x3, 0x0, 0xff, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea1, 0x0, 0x4, 0x7, 0x7fff, 0x5, 0x400, 0x3ff, 0x6, 0x9, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x800004, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x4b, 0x8010, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0xd, 0x3, 0x3, 0x9, 0x1, 0x8, 0x0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0x1, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x6, 0x8, 0x86, 0x3, 0x3038, 0x3e7, 0xb, 0x5, 0xb, 0x3, 0x3, 0x20000008, 0x4, 0x6d01, 0x0, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfae, 0x1000, 0xa0, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x39f, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x9, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x9, 0x938, 0x6, 0x40, 0xfffffffc, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x103, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x8000006, 0x16, 0xffffffff, 0x80000000, 0x1005, 0x4, 0xc8, 0x7ff, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0xe8a5, 0xa, 0xaf, 0x8, 0x3, 0x226, 0x4, 0x5, 0x8, 0x4, 0xa1f, 0x89, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1b, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x1f}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 667.201078ms ago: executing program 2 (id=286): r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f0000000500)={0x1, 0x3, 0x0, 0x1, 0x6, 0x0, [{0x10, 0xffff, 0x2754, '\x00', 0x906}, {0x3, 0x8, 0x2}, {0x7, 0x0, 0x8, '\x00', 0x1000}, {0x9c6, 0x8000, 0x3}, {0x5, 0x1, 0x3c0b}, {0x80, 0x4, 0x100000001, '\x00', 0x882}]}) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a60000000060a0b0400000000000000000200000134000480300001800b0001006f626a726566000020000280080003400000000c0900040073797a310000000008000140000000010900010073797a30000000000900020073797a32"], 0x88}}, 0x0) syz_emit_ethernet(0x153, &(0x7f0000000940)={@link_local={0x3}, @multicast, @val={@val={0x88a8, 0x0, 0x1, 0x1}, {0x8100, 0x0, 0x1, 0x2}}, {@ipv4={0x800, @dccp={{0x2f, 0x4, 0x0, 0x2c, 0x13d, 0x65, 0x0, 0x7, 0x21, 0x0, @broadcast, @loopback, {[@timestamp={0x44, 0x28, 0x76, 0x0, 0xc, [0xff, 0x6, 0x8, 0x8, 0x7, 0x4003, 0xffff, 0x0, 0x91]}, @timestamp_prespec={0x44, 0x1c, 0xe8, 0x3, 0x4, [{@dev={0xac, 0x14, 0x14, 0x2a}}, {@broadcast, 0xffffa5cc}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x10000}]}, @rr={0x7, 0x13, 0xd5, [@remote, @remote, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @end, @end, @ssrr={0x89, 0x7, 0x17, [@empty]}, @ssrr={0x89, 0xf, 0xd5, [@remote, @empty, @empty]}, @generic={0x83, 0x3, 'f'}, @timestamp_prespec={0x44, 0x34, 0x66, 0x3, 0x8, [{@local, 0x1}, {@broadcast, 0x98}, {@empty, 0x6}, {@broadcast, 0x5}, {@rand_addr=0x64010100, 0x5}, {@private=0xa010101, 0x6}]}, @noop]}}, {{0x4e24, 0x4e22, 0x4, 0x1, 0x4, 0x0, 0x0, 0x4, 0x4, "c7c5a1", 0xff, "8de292"}, "2d34f13d5fc4aa5dfccfce60914a30f1264b1dfa679736a01fab01584f241a98b4a1a272fc6b3f5665a6d882ba5ab6e817cb8247efa360d22308916b9777381bd99cf5269d5604e4ac6be41fc55736e4f0d38cbc6b93e6f664edb8ed867e24c25dd8ce42a994bedc6156d7ec62fc5e5201"}}}}}, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000011146b8c27bd7000ffdbdf2508003e0000000000080001000000000008003e000501000008004f000200000008000300020000000800030001000000"], 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_BT_RCVMTU(r4, 0x112, 0xd, &(0x7f0000000040)=0x6, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) socket$can_j1939(0x1d, 0x2, 0x7) ioctl$USBDEVFS_RELEASE_PORT(r5, 0x80045519, &(0x7f0000000240)=0x1) r6 = dup(r3) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r6) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x2c, r7, 0x0, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x5, 0x3b}}}}, [@NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x652}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40014}, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000200000a20000000000a050000000000000000000100fffc0900010073797a300000000040000000030a01010000000000000000010000000900030073797a300000000014000480080002400000000008000140000000010900010073797a300000000040000000060a01040000000000000000010000001800048014000180090001006c617374000000000400028008000b40000000000900010073797a300000b8f7ba00001400000411000100"/200], 0xc8}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) r9 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r9, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) socket$pppl2tp(0x18, 0x1, 0x1) syz_emit_ethernet(0x4c, &(0x7f00000006c0)=ANY=[@ANYBLOB="0180c2000002ece65fbcee5586dd6001010000161100fe8000000000000000000000000000bbfe80000000003279bb1b74dd1b5b61f357000000000000000000aa00030e22001690780203000600000000ffb00afe4e70c1ebb2cc18030d9932e08f359f7af9e19420374a2889303ebce4dc774a6075f0a674c79473926398086934"], 0x0) write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="0000e64eaaaaaaaaaabbbbbbbbbbbbbb81000000080045ae003c006400000206"], 0x52) r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x82200, 0x0) ioctl$IOMMU_VFIO_CHECK_EXTENSION(r10, 0x3b65, 0x4) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYRES16=r5], 0x38}, 0x1, 0x0, 0x0, 0x48845}, 0x4010) 615.285436ms ago: executing program 0 (id=288): ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000240)={0x56, 0x3, 0x0, {0x20, 0x1}, {0x44, 0x2}, @rumble={0x807, 0xaba}}) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01) write$char_usb(r0, &(0x7f0000000040)="e2", 0x12d8) (fail_nth: 39) 490.442697ms ago: executing program 3 (id=289): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, 0x4, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffe}, @NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20040815}, 0x20) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) shutdown(r1, 0x1) socket$packet(0x11, 0x2, 0x300) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0xb}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0x4a, 0x0, &(0x7f0000000200)="7567a78678807f861d2f194c6c15bee1480b789074508c05a04bb5e79e2ea2bde8bbbc12091e492a703d773589d7d908d5c9de5f1b03cc2089060000000000000015fb4440dfe0262e71", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 466.921315ms ago: executing program 2 (id=290): syz_emit_ethernet(0x7e, &(0x7f00000003c0)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @gre_packet={0x7, 0x6, "1000", 0x48, 0x2f, 0xe78c6d029ffc7582, @local, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558, 0x0, 0x3, [0x1ff]}, {0x0, 0x0, 0x1, 0x1}, {0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x86dd, [0x9]}, {0x6488, 0x88be, 0x4, {{0x5, 0x1, 0x3, 0x3, 0x1, 0x0, 0x0, 0x35}, 0x1, {0x4c289}}}, {0x8, 0x22eb, 0x1, {{0xe, 0x2, 0x0, 0x1, 0x0, 0x3, 0x1, 0x4}, 0x2, {0x200004, 0x2, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x1}}}, {0x8, 0x6558, 0x4}}}}}}}, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="c208bc4b29c00ed2004ca4c945425b948c48a2844cc8474e0403a6b4253581d52d46f07e8b9db8e99046d451", @ANYRES16, @ANYBLOB="0b062dbd7000fddbdf2530000000050035000200000005003600040000000a0001007770616e3100000005003300f8000000"], 0x38}, 0x1, 0x8000000, 0x0, 0x24008801}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002700)=ANY=[@ANYBLOB="c474000042000701feffffff00000000037c0000ec0242805b021a80d501ee80fb8d136da31edc546f500c8cfa08a5c5754b91c2df21434977915ca20818805268c77c40d30d690be101237fe2d4f76ecbd0a3a72fd24530e0c798c833077a5f872fe39e7969b90d69bc920c426d98543a115113b491e8cfedcadf90301401d69f157034d9236f5296c5e7672ee37ff38111b6bc2648ab6aa17910a3404651fb2e87661960284b3708021087b3018adc0e3ee9906d0091bff50dab42528573bd5e64cd4432fff76b731360a6287463cc2bcb8cdfabeb537ef6be5f442a4ad6d97e9197a72790584202a68843cd90cf7b4d17bd354efba83e56231126b41743aecfd0bca0e7fbaecefd57f3da424405f5bbee4940eb3d75c66e85767aebc33dc0474446f5b777bfb24d9d811574b0124053ef4d4041aedaa9382a720c76fd8af91024a3abc4f3b0c968bb09b994e2a5c5da74ccbc86ed9dcbc7f827af348bae3c609ebacfcd1c145b8fb4e866bba160d595fd8027174aaa3d1ff903eb3053b6fbf0693acc2b14b95a134ba6d55a853e51f2394e6e202013ca10fa9f99b79730aa957b93219e2f2ec64749b88b0e0cdfea1a5c7f47fc2fdf7d30809c89905c3e0e896aeda66adcabed006a0da29cb0a48491d4c1097750365e0c02e15106c9bd8926e34e43a9108ba8729e4cdaca2d7ed99700000004002c800400ee0004002c80b4dfec08383fe7db080f4e90f4f7ed53618ec09a3f4af45e1b81cc948f38db20641761807964a90070731a1c4c7134321838a59a55ebdbfbc725f2fadb0964"], 0x74c4}, 0x1, 0x0, 0x0, 0xc004}, 0xc000) landlock_create_ruleset(0x0, 0xffffffffffffff46, 0x3) getdents64(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0xf7, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r1) mount$tmpfs(0x0, 0x0, 0x0, 0x10a40a2, &(0x7f0000000040)=ANY=[@ANYBLOB="f4697a653d"]) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB="88020000", @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="6102330050300100080211000001080211000000505050505050"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x0) r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='nr0\x00', 0x10) sendmmsg$inet(r4, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000080)='F', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0x1, 0x0) syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x52f640) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'bridge0\x00'}) pwrite64(0xffffffffffffffff, &(0x7f00000005c0)='\"', 0x1, 0x3) sendmsg$BATADV_CMD_SET_VLAN(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x48b70040}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="000325bd7000fbdbdf251200000005002d000000000008003c00090011000a000900aaaaaaaaaaaa0000050030000000000008003b0008000000e830539c75fd1da54acd6fd131b92527c9b462219495e5d5b559f6143ac137e75a9fee0efed9d4647d982fad39a9054056a7e20fc480c225578fa2892dca56bce5c971f6329b3be94af75874bbf7b01aac4c2df6e90d4ff71e1cad5f2f5869c3c186f58fce4b46668fc11b993b2f066e4e3a854ea322a4a24b3a9905"], 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x1) 357.581616ms ago: executing program 2 (id=291): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x58}}, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x4001, 0x3, 0x238, 0x110, 0x0, 0x148, 0x110, 0x148, 0x1a0, 0x240, 0x240, 0x1a0, 0x240, 0x7fffffe, 0x0, {[{{@ip={@empty, @broadcast, 0x0, 0x0, 'bridge_slave_0\x00', 'netdevsim0\x00', {}, {}, 0x0, 0x0, 0x54}, 0x0, 0xf0, 0x110, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'lo\x00', {0xa, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@unspec=@connlabel={{0x28}, {0x943f}}]}, @unspec=@TRACE={0x20}}, {{@ip={@local, @loopback, 0xff, 0xffffff00, 'veth0_vlan\x00', 'xfrm0\x00', {0xff}}, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x298) mount$fuseblk(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0xc0ed0000, &(0x7f0000000300)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@default_permissions}]}}) 356.100421ms ago: executing program 2 (id=292): r0 = userfaultfd(0x801) bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) poll(&(0x7f0000000140)=[{r1, 0x4100}], 0x1, 0x1) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xd, 0xc, &(0x7f00000003c0)=ANY=[@ANYRES32=r0, @ANYRES16, @ANYRESDEC=r3, @ANYBLOB="9642e2e95d9adef14b1cf8ce2057a2eb45e7d716d81e83456f1442dfb3a65e1c59e655712fed07ec58a8eb12f4ede6581917df86ec4e3c48d81dc5c5ee84df126d7a1375fef1283d87e0163db143229a508bcc84175d593a9e9aebfb8ecc56957fd017f3"], &(0x7f0000000180)='syzkaller\x00', 0xfffffffc, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r4, 0x4b72, &(0x7f0000000000)={0x0, 0x1, 0x6, 0x5, 0x200, &(0x7f0000003c40)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a73090000000000001b0f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) timer_delete(r5) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r5, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x5031, 0xffffffffffffffff, 0xc2dcc000) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x428}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2}) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r6, 0x107, 0xe, &(0x7f0000000040)=0x1ff, 0x4) syz_extract_tcp_res$synack(0x0, 0x1, 0x0) r7 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2400000014001b0528bd70006cb0da508da743bf94f1ffdbdf2511000d000100d76f51d2877e3e1d6a0000000000"], 0x24}, 0x1, 0x0, 0x0, 0x2400a051}, 0x44000) 279.036958ms ago: executing program 0 (id=293): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$XFS_IOC_FD_TO_HANDLE(r0, 0xc038586a, &(0x7f00000001c0)={r0, &(0x7f0000000080)='gact\x00', 0x840, &(0x7f0000000100)={@align=0x3, {0x9, 0xf, 0x2, 0x1}}, 0x6, &(0x7f0000000140), &(0x7f0000000180)=0x4}) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) (async) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000005c0)={{{@in6=@local, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@broadcast}}, &(0x7f00000006c0)=0xe8) (async) r5 = getegid() (async) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01) write$sndseq(r6, &(0x7f0000000340)=[{0x1e, 0x0, 0x0, 0xfd, @time, {}, {}, @result}], 0x1c) (async) mount$fuse(0x0, &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x800040, &(0x7f0000000700)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x800}}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x800}}, {@max_read={'max_read', 0x3d, 0x7}}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x2}}, {@blksize={'blksize', 0x3d, 0x800}}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x800}}, {@blksize={'blksize', 0x3d, 0x1800}}], [{@subj_type={'subj_type', 0x3d, 'clsact\x00'}}, {@fowner_gt={'fowner>', 0xee00}}]}}) (async) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r8) getsockname$packet(r8, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r9, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) (async) sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) (async) sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001240)=@delchain={0x3c, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xfff3}, {0xfff3, 0xffff}, {0xa, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_FLAGS={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40044}, 0x4804) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000280)={'gre0\x00', 0x0, 0x20, 0x700, 0xf, 0x7f, {{0x14, 0x4, 0x2, 0x7, 0x50, 0x65, 0x0, 0xd, 0x4, 0x0, @local, @broadcast, {[@timestamp={0x44, 0x24, 0x7b, 0x0, 0xd, [0x1, 0x0, 0x4, 0x8, 0x1000, 0x7, 0x7, 0x0]}, @noop, @end, @rr={0x7, 0xf, 0x3a, [@initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, @multicast2]}, @ra={0x94, 0x4}, @noop]}}}}}) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'veth1_virt_wifi\x00', 0x0}) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000500)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000380)={0x124, r2, 0x8, 0x70bd27, 0x25dfdbfc, {}, [@HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x20040811}, 0x8000) (async) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000000000)=@newtaction={0x60, 0x30, 0x36eac49ec043b62f, 0x0, 0x25dfdbbf, {}, [{0x4c, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x2, 0x7ff, 0x2, 0xd, 0xe}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}}, 0x0) 278.925241ms ago: executing program 0 (id=294): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000006040)={&(0x7f0000000540)={0x24, 0x140f, 0x1, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x9, 0x45, 'umad\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x24}, 0x1, 0x2000000, 0x0, 0x20000010}, 0xc4000) 278.784585ms ago: executing program 3 (id=295): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000006000000000084e27fa40000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x3c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x1f, 0x33, @action={{{}, {}, @device_b}, @ntf_ch_w={0x7, 0x0, 0x1}}}]}, 0x3c}}, 0x0) 215.708097ms ago: executing program 0 (id=296): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000100)={0x38}) io_uring_setup(0x4a86, &(0x7f0000000300)={0x0, 0x4178, 0x40, 0x8001002, 0x3d7}) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0) write$nci(r1, &(0x7f0000002600)=ANY=[@ANYBLOB="71050406030206096131254052ac8b395f0874bc5f622358863846dc1c2e10fd0824c15a5bab900d5ec4d12e966fd01c48c9612d223bf1a77a08f5f0370bbddf028749c120ccd6a57ac009393433ddfb7e63f884d5717426fb83f75397b891b7ddf5ec71fb42724f71e2"], 0x71) 215.450784ms ago: executing program 3 (id=297): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)={0x118, 0x20, 0x1, 0x0, 0x25dfdbfb, "", [@nested={0x105, 0x117, 0x0, 0x1, [@typed={0xc, 0x16, 0x0, 0x0, @u64=0xfac06}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c", @typed={0x8, 0xeb, 0x0, 0x0, @u32=0x7}]}]}, 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='dctcp', 0x5) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r1, &(0x7f0000000400)="02", 0x1, 0x0, 0x0, 0x0) r2 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r2, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 207.478486ms ago: executing program 2 (id=298): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) shutdown(r0, 0x1) recvfrom(r0, &(0x7f0000000480)=""/110, 0x168f6f3d, 0x734, 0x0, 0xfffffffffffffecb) 129.652691ms ago: executing program 3 (id=299): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r2, @ANYRES32=r1], 0x4c}}, 0x800) 129.449441ms ago: executing program 3 (id=300): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x3c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x1f, 0x33, @action={{{}, {}, @device_b}, @ntf_ch_w={0x7, 0x0, 0x1}}}]}, 0x3c}}, 0x0) (fail_nth: 7) 59.614276ms ago: executing program 0 (id=301): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="38001f000314230c2abd7000ff05df250900020073797a310000000008004100727865001400330073797a5f74756e"], 0x38}, 0x1, 0x0, 0x0, 0x48845}, 0x4010) 0s ago: executing program 3 (id=302): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x800004, @mcast2={0xff, 0x3}}, 0x1c) syz_emit_ethernet(0x76, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c200060086082b9827c186dd60cb3e0200403a00689a0000000000000000000000000000ff02000000000000000000000000000104"], 0x0) kernel console output (not intermixed with test programs): [ 43.888673][ T40] audit: type=1400 audit(1771338629.459:61): avc: denied { siginh } for pid=5828 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '[localhost]:8865' (ED25519) to the list of known hosts. [ 46.124101][ T40] audit: type=1400 audit(1771338631.719:62): avc: denied { name_bind } for pid=5847 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 46.158514][ T40] audit: type=1400 audit(1771338631.759:63): avc: denied { execute } for pid=5848 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 46.166641][ T40] audit: type=1400 audit(1771338631.759:64): avc: denied { execute_no_trans } for pid=5848 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 48.510266][ T40] audit: type=1400 audit(1771338634.109:65): avc: denied { mounton } for pid=5848 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 48.521164][ T40] audit: type=1400 audit(1771338634.119:66): avc: denied { mount } for pid=5848 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 48.524660][ T5848] cgroup: Unknown subsys name 'net' [ 48.719468][ T5848] cgroup: Unknown subsys name 'cpuset' [ 48.723834][ T5848] cgroup: Unknown subsys name 'rlimit' [ 48.910549][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 48.910560][ T40] audit: type=1400 audit(1771338634.509:68): avc: denied { setattr } for pid=5848 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 48.920403][ T40] audit: type=1400 audit(1771338634.509:69): avc: denied { create } for pid=5848 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 48.927323][ T40] audit: type=1400 audit(1771338634.509:70): avc: denied { write } for pid=5848 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 48.934608][ T40] audit: type=1400 audit(1771338634.509:71): avc: denied { read } for pid=5848 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 48.949208][ T40] audit: type=1400 audit(1771338634.519:72): avc: denied { mounton } for pid=5848 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 48.959828][ T40] audit: type=1400 audit(1771338634.519:73): avc: denied { mount } for pid=5848 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 48.969903][ T40] audit: type=1400 audit(1771338634.529:74): avc: denied { read } for pid=5637 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 48.975574][ T5909] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 48.978518][ T40] audit: type=1400 audit(1771338634.539:75): avc: denied { read } for pid=5637 comm="dhcpcd" name="n102" dev="tmpfs" ino=1966 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 48.990535][ T40] audit: type=1400 audit(1771338634.539:76): avc: denied { open } for pid=5637 comm="dhcpcd" path="/run/udev/data/n102" dev="tmpfs" ino=1966 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 48.999724][ T40] audit: type=1400 audit(1771338634.539:77): avc: denied { getattr } for pid=5637 comm="dhcpcd" path="/run/udev/data/n102" dev="tmpfs" ino=1966 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 49.685421][ T5848] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 53.005850][ T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 53.010745][ T63] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 53.014818][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 53.019284][ T63] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 53.023241][ T63] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 53.025009][ T5931] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 53.026822][ T63] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 53.029583][ T5931] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 53.032557][ T63] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 53.035005][ T5931] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 53.040735][ T5931] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 53.044879][ T5940] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 53.045393][ T5931] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 53.047759][ T5937] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 53.048044][ T5937] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 53.048500][ T5940] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 53.049018][ T5940] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 53.052824][ T5927] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 53.065959][ T5927] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 53.069702][ T5927] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 53.381639][ T5933] chnl_net:caif_netlink_parms(): no params data found [ 53.432019][ T5932] chnl_net:caif_netlink_parms(): no params data found [ 53.440813][ T5928] chnl_net:caif_netlink_parms(): no params data found [ 53.468128][ T5924] chnl_net:caif_netlink_parms(): no params data found [ 53.517217][ T5933] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.520037][ T5933] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.522828][ T5933] bridge_slave_0: entered allmulticast mode [ 53.526862][ T5933] bridge_slave_0: entered promiscuous mode [ 53.567401][ T5933] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.570558][ T5933] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.573452][ T5933] bridge_slave_1: entered allmulticast mode [ 53.577610][ T5933] bridge_slave_1: entered promiscuous mode [ 53.661989][ T5933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.688292][ T5928] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.691135][ T5928] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.693796][ T5928] bridge_slave_0: entered allmulticast mode [ 53.697438][ T5928] bridge_slave_0: entered promiscuous mode [ 53.701498][ T5928] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.704056][ T5928] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.707447][ T5928] bridge_slave_1: entered allmulticast mode [ 53.710157][ T5928] bridge_slave_1: entered promiscuous mode [ 53.713700][ T5933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.722712][ T5932] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.725501][ T5932] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.728544][ T5932] bridge_slave_0: entered allmulticast mode [ 53.731569][ T5932] bridge_slave_0: entered promiscuous mode [ 53.735926][ T5924] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.739259][ T5924] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.741529][ T5924] bridge_slave_0: entered allmulticast mode [ 53.744881][ T5924] bridge_slave_0: entered promiscuous mode [ 53.748264][ T5924] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.750576][ T5924] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.752932][ T5924] bridge_slave_1: entered allmulticast mode [ 53.755566][ T5924] bridge_slave_1: entered promiscuous mode [ 53.778318][ T5932] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.780654][ T5932] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.782948][ T5932] bridge_slave_1: entered allmulticast mode [ 53.785570][ T5932] bridge_slave_1: entered promiscuous mode [ 53.791084][ T5933] team0: Port device team_slave_0 added [ 53.817894][ T5928] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.822975][ T5933] team0: Port device team_slave_1 added [ 53.826767][ T5924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.838354][ T5928] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.848317][ T5924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.852522][ T5932] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.878769][ T5928] team0: Port device team_slave_0 added [ 53.881767][ T5932] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.886085][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.889820][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.898866][ T5933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.910567][ T5928] team0: Port device team_slave_1 added [ 53.929302][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.932274][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.940943][ T5933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.945663][ T5924] team0: Port device team_slave_0 added [ 53.966305][ T5932] team0: Port device team_slave_0 added [ 53.974955][ T5932] team0: Port device team_slave_1 added [ 53.979668][ T5924] team0: Port device team_slave_1 added [ 53.982552][ T5928] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.985387][ T5928] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.995399][ T5928] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.001029][ T5928] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.003740][ T5928] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.014011][ T5928] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.081649][ T5924] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.084569][ T5924] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.095191][ T5924] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.105607][ T5933] hsr_slave_0: entered promiscuous mode [ 54.108936][ T5933] hsr_slave_1: entered promiscuous mode [ 54.122272][ T5932] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.125288][ T5932] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.136353][ T5932] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.142039][ T5924] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.144954][ T5924] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.155523][ T5924] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.174018][ T5932] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.177082][ T5932] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.187879][ T5932] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.203128][ T5928] hsr_slave_0: entered promiscuous mode [ 54.205394][ T5928] hsr_slave_1: entered promiscuous mode [ 54.208034][ T5928] debugfs: 'hsr0' already exists in 'hsr' [ 54.211381][ T5928] Cannot create hsr debugfs directory [ 54.323118][ T5924] hsr_slave_0: entered promiscuous mode [ 54.326095][ T5924] hsr_slave_1: entered promiscuous mode [ 54.329456][ T5924] debugfs: 'hsr0' already exists in 'hsr' [ 54.331830][ T5924] Cannot create hsr debugfs directory [ 54.337531][ T5932] hsr_slave_0: entered promiscuous mode [ 54.340648][ T5932] hsr_slave_1: entered promiscuous mode [ 54.343688][ T5932] debugfs: 'hsr0' already exists in 'hsr' [ 54.346141][ T5932] Cannot create hsr debugfs directory [ 54.638177][ T5933] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 54.650667][ T5933] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 54.657676][ T5933] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 54.663949][ T5933] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 54.721501][ T5928] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.728805][ T5928] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.752015][ T5928] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.759682][ T5928] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.797648][ T5924] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 54.809960][ T5924] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 54.814062][ T5924] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 54.819632][ T5924] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 54.892342][ T5933] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.895881][ T5932] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 54.900576][ T5932] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 54.908221][ T5932] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 54.912809][ T5932] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 54.957779][ T5933] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.966717][ T5928] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.980185][ T618] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.982659][ T618] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.997250][ T618] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.999529][ T618] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.013900][ T5924] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.018398][ T5928] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.031842][ T618] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.034049][ T618] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.042315][ T5924] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.048905][ T618] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.051286][ T618] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.063239][ T5932] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.067333][ T5929] Bluetooth: hci1: command tx timeout [ 55.067412][ T5927] Bluetooth: hci0: command tx timeout [ 55.072252][ T106] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.075014][ T106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.078257][ T106] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.080456][ T106] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.104847][ T5932] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.116609][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.118849][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.130058][ T5928] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.133549][ T5928] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.137224][ T40] kauditd_printk_skb: 15 callbacks suppressed [ 55.137235][ T40] audit: type=1400 audit(1771338640.739:93): avc: denied { sys_module } for pid=5933 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 55.146467][ T5927] Bluetooth: hci3: command tx timeout [ 55.149645][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.152060][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.156333][ T5927] Bluetooth: hci2: command tx timeout [ 55.237651][ T5933] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.266911][ T5933] veth0_vlan: entered promiscuous mode [ 55.280478][ T5933] veth1_vlan: entered promiscuous mode [ 55.289071][ T5928] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.307630][ T5924] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.329258][ T5933] veth0_macvtap: entered promiscuous mode [ 55.334979][ T5933] veth1_macvtap: entered promiscuous mode [ 55.355577][ T5932] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.362864][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.375843][ T5924] veth0_vlan: entered promiscuous mode [ 55.386896][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.390109][ T5928] veth0_vlan: entered promiscuous mode [ 55.403425][ T5924] veth1_vlan: entered promiscuous mode [ 55.406788][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.409810][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.419645][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.424644][ T5928] veth1_vlan: entered promiscuous mode [ 55.437899][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.489930][ T106] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.490405][ T5924] veth0_macvtap: entered promiscuous mode [ 55.493155][ T106] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.497774][ T5924] veth1_macvtap: entered promiscuous mode [ 55.506877][ T5932] veth0_vlan: entered promiscuous mode [ 55.509163][ T5928] veth0_macvtap: entered promiscuous mode [ 55.520057][ T5924] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.523651][ T5928] veth1_macvtap: entered promiscuous mode [ 55.538910][ T5932] veth1_vlan: entered promiscuous mode [ 55.543056][ T5924] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.546261][ T618] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.549387][ T618] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.549618][ T59] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.565892][ T59] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.568903][ T59] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.576049][ T59] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.578338][ T40] audit: type=1400 audit(1771338641.179:94): avc: denied { mount } for pid=5933 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 55.590444][ T40] audit: type=1400 audit(1771338641.179:95): avc: denied { mounton } for pid=5933 comm="syz-executor" path="/syzkaller.KgBOia/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 55.599856][ T40] audit: type=1400 audit(1771338641.179:96): avc: denied { mount } for pid=5933 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 55.607094][ T40] audit: type=1400 audit(1771338641.179:97): avc: denied { mounton } for pid=5933 comm="syz-executor" path="/syzkaller.KgBOia/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 55.614001][ T5932] veth0_macvtap: entered promiscuous mode [ 55.617641][ T40] audit: type=1400 audit(1771338641.179:98): avc: denied { mounton } for pid=5933 comm="syz-executor" path="/syzkaller.KgBOia/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=8411 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 55.631708][ T5928] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.631784][ T40] audit: type=1400 audit(1771338641.189:99): avc: denied { unmount } for pid=5933 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 55.639991][ T5933] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 55.640836][ T5932] veth1_macvtap: entered promiscuous mode [ 55.645639][ T40] audit: type=1400 audit(1771338641.189:100): avc: denied { mounton } for pid=5933 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2840 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 55.655465][ T40] audit: type=1400 audit(1771338641.189:101): avc: denied { mount } for pid=5933 comm="syz-executor" name="/" dev="gadgetfs" ino=8417 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 55.663135][ T40] audit: type=1400 audit(1771338641.189:102): avc: denied { mount } for pid=5933 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 55.670916][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.673527][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.675822][ T5928] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.688489][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.696272][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.718707][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.721544][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.729571][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.730869][ T5932] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.733525][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.743532][ T5932] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.756893][ T59] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.759763][ T59] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.763618][ T59] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.766477][ T59] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.808289][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.813598][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.839549][ T6014] netlink: 'syz.1.2': attribute type 6 has an invalid length. [ 55.845360][ T6014] netlink: 'syz.1.2': attribute type 6 has an invalid length. [ 55.849392][ T6014] Zero length message leads to an empty skb [ 55.859071][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.861605][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.881384][ T1146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.884038][ T1146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.916443][ T106] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.924512][ T106] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.015784][ T6026] netlink: 48 bytes leftover after parsing attributes in process `syz.3.6'. [ 56.152653][ T6030] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8'. [ 56.198936][ T6040] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11'. [ 56.202115][ T6040] netlink: 'syz.0.11': attribute type 30 has an invalid length. [ 56.252707][ T59] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 56.256530][ T6041] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11'. [ 56.258256][ T12] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 56.260198][ T6041] netlink: 'syz.0.11': attribute type 30 has an invalid length. [ 56.268670][ T12] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 56.271559][ T12] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 56.281588][ T6028] infiniband syz1: set active [ 56.284892][ T6028] infiniband syz1: added syz_tun [ 56.318998][ T6043] syz.1.12 uses obsolete (PF_INET,SOCK_PACKET) [ 56.323665][ T6028] RDS/IB: syz1: added [ 56.323919][ T6028] smc: adding ib device syz1 with port count 1 [ 56.323981][ T6028] smc: ib device syz1 port 1 has no pnetid [ 56.597951][ T6052] tmpfs: Bad value for 'mpol' [ 56.600608][ T6052] netlink: 256 bytes leftover after parsing attributes in process `syz.2.15'. [ 56.686372][ T53] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 56.867539][ T53] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 56.870839][ T6060] netlink: 'syz.2.19': attribute type 1 has an invalid length. [ 56.871470][ T53] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 56.873844][ T6060] netlink: 224 bytes leftover after parsing attributes in process `syz.2.19'. [ 56.880005][ T53] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 56.883612][ T53] usb 5-1: config 0 interface 0 has no altsetting 0 [ 56.886742][ T53] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 56.889999][ T53] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 56.903597][ T53] usb 5-1: config 0 interface 0 has no altsetting 0 [ 56.907899][ T53] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 56.910778][ T53] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 56.914258][ T53] usb 5-1: config 0 interface 0 has no altsetting 0 [ 56.917633][ T53] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 56.920432][ T53] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 56.924012][ T53] usb 5-1: config 0 interface 0 has no altsetting 0 [ 56.928193][ T53] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 56.931661][ T53] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 56.936739][ T53] usb 5-1: config 0 interface 0 has no altsetting 0 [ 56.940208][ T53] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 56.943765][ T53] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 56.951876][ T53] usb 5-1: config 0 interface 0 has no altsetting 0 [ 56.955357][ T53] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 56.958771][ T53] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 56.962888][ T53] usb 5-1: config 0 interface 0 has no altsetting 0 [ 56.965962][ T53] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 56.969087][ T53] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 56.972603][ T53] usb 5-1: config 0 interface 0 has no altsetting 0 [ 56.976761][ T53] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 56.979895][ T53] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 56.982783][ T53] usb 5-1: Product: syz [ 56.984177][ T53] usb 5-1: Manufacturer: syz [ 56.985862][ T53] usb 5-1: SerialNumber: syz [ 57.000151][ T53] usb 5-1: config 0 descriptor?? [ 57.015989][ T53] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 57.112459][ T6075] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 57.112542][ T6073] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 57.115100][ T6075] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 57.122055][ T6075] vhci_hcd vhci_hcd.0: Device attached [ 57.146585][ T5927] Bluetooth: hci1: command tx timeout [ 57.146619][ T5929] Bluetooth: hci0: command tx timeout [ 57.177532][ T6073] netlink: 256 bytes leftover after parsing attributes in process `syz.3.25'. [ 57.184467][ T6076] vhci_hcd: connection closed [ 57.186183][ T618] vhci_hcd vhci_hcd.2: stop threads [ 57.189969][ T618] vhci_hcd vhci_hcd.2: release socket [ 57.192660][ T618] vhci_hcd vhci_hcd.2: disconnect device [ 57.208743][ T6046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 57.225256][ T6046] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 57.226446][ T5929] Bluetooth: hci2: command tx timeout [ 57.226473][ T5927] Bluetooth: hci3: command tx timeout [ 57.285941][ C1] usb 5-1: yurex_control_callback - control failed: -71 [ 57.287848][ T34] usb 5-1: USB disconnect, device number 2 [ 57.298923][ T34] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 57.440852][ T6088] netlink: 9 bytes leftover after parsing attributes in process `syz.1.30'. [ 57.513491][ T5929] Bluetooth: hci0: unexpected event 0x2f length: 509 > 260 [ 58.028680][ T6124] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 58.078968][ T6126] FAULT_INJECTION: forcing a failure. [ 58.078968][ T6126] name failslab, interval 1, probability 0, space 0, times 1 [ 58.083832][ T6126] CPU: 1 UID: 0 PID: 6126 Comm: syz.3.45 Not tainted syzkaller #0 PREEMPT(full) [ 58.083847][ T6126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 58.083853][ T6126] Call Trace: [ 58.083857][ T6126] [ 58.083861][ T6126] dump_stack_lvl+0x100/0x190 [ 58.083882][ T6126] should_fail_ex.cold+0x5/0xa [ 58.083896][ T6126] should_failslab+0xc2/0x120 [ 58.083911][ T6126] __kmalloc_node_noprof+0xe6/0x850 [ 58.083924][ T6126] ? alloc_slab_obj_exts+0x4e/0x190 [ 58.083937][ T6126] alloc_slab_obj_exts+0x4e/0x190 [ 58.083949][ T6126] __memcg_slab_post_alloc_hook+0x24a/0x9a0 [ 58.083970][ T6126] ? __d_alloc+0x679/0xa80 [ 58.083979][ T6126] __kmalloc_noprof+0x662/0x850 [ 58.083994][ T6126] __d_alloc+0x679/0xa80 [ 58.084006][ T6126] d_alloc+0x4a/0x1e0 [ 58.084017][ T6126] lookup_one_qstr_excl+0x175/0x250 [ 58.084028][ T6126] ? mnt_want_write+0x161/0x450 [ 58.084043][ T6126] filename_create+0x1cf/0x400 [ 58.084058][ T6126] ? __pfx_filename_create+0x10/0x10 [ 58.084074][ T6126] ? find_held_lock+0x2b/0x80 [ 58.084089][ T6126] filename_mkdirat+0xb9/0x5e0 [ 58.084107][ T6126] ? __pfx_filename_mkdirat+0x10/0x10 [ 58.084130][ T6126] ? strncpy_from_user+0x19d/0x2d0 [ 58.084144][ T6126] ? do_getname+0x191/0x390 [ 58.084156][ T6126] __x64_sys_mkdirat+0x89/0xc0 [ 58.084173][ T6126] do_syscall_64+0x106/0xf80 [ 58.084188][ T6126] ? clear_bhb_loop+0x40/0x90 [ 58.084201][ T6126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.084211][ T6126] RIP: 0033:0x7ffac639c139 [ 58.084220][ T6126] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 58.084230][ T6126] RSP: 002b:00007ffac71bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 58.084241][ T6126] RAX: ffffffffffffffda RBX: 00007ffac6615fa0 RCX: 00007ffac639c139 [ 58.084247][ T6126] RDX: 0000000000000000 RSI: 0000200000001dc0 RDI: ffffffffffffff9c [ 58.084253][ T6126] RBP: 00007ffac71bb090 R08: 0000000000000000 R09: 0000000000000000 [ 58.084258][ T6126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 58.084264][ T6126] R13: 00007ffac6616038 R14: 00007ffac6615fa0 R15: 00007ffc621f48a8 [ 58.084277][ T6126] [ 58.365313][ T6138] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00aa with DS=0x71 [ 58.380745][ T6138] netlink: 8 bytes leftover after parsing attributes in process `syz.0.50'. [ 58.553414][ T6149] FAULT_INJECTION: forcing a failure. [ 58.553414][ T6149] name failslab, interval 1, probability 0, space 0, times 0 [ 58.559356][ T6149] CPU: 2 UID: 0 PID: 6149 Comm: syz.1.56 Not tainted syzkaller #0 PREEMPT(full) [ 58.559371][ T6149] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 58.559378][ T6149] Call Trace: [ 58.559382][ T6149] [ 58.559387][ T6149] dump_stack_lvl+0x100/0x190 [ 58.559408][ T6149] should_fail_ex.cold+0x5/0xa [ 58.559423][ T6149] should_failslab+0xc2/0x120 [ 58.559439][ T6149] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 58.559452][ T6149] ? __d_alloc+0x34/0xa80 [ 58.559465][ T6149] __d_alloc+0x34/0xa80 [ 58.559477][ T6149] d_alloc_parallel+0x111/0x14e0 [ 58.559492][ T6149] ? find_held_lock+0x2b/0x80 [ 58.559505][ T6149] ? avc_has_perm_noaudit+0x11e/0x3b0 [ 58.559517][ T6149] ? look_up_lock_class+0x64/0x120 [ 58.559533][ T6149] ? register_lock_class+0x40/0x560 [ 58.559551][ T6149] ? __pfx_d_alloc_parallel+0x10/0x10 [ 58.559566][ T6149] ? lockdep_init_map_type+0x5c/0x250 [ 58.559583][ T6149] ? lockdep_init_map_type+0x5c/0x250 [ 58.559602][ T6149] __lookup_slow+0x193/0x460 [ 58.559615][ T6149] ? __pfx___lookup_slow+0x10/0x10 [ 58.559628][ T6149] ? irq_entries_start+0xd0/0xcb0 [ 58.559642][ T6149] ? irq_entries_start+0xd0/0xcb0 [ 58.559656][ T6149] lookup_slow+0x50/0x70 [ 58.559668][ T6149] lookup_one_unlocked+0xb8/0xd0 [ 58.559684][ T6149] ovl_lookup_single+0x3df/0x1280 [ 58.559699][ T6149] ? __pfx_ovl_lookup_single+0x10/0x10 [ 58.559713][ T6149] ovl_lookup_layer+0x3f1/0x4b0 [ 58.559724][ T6149] ? rcu_is_watching+0x12/0xc0 [ 58.559737][ T6149] ? trace_kmalloc+0x101/0x130 [ 58.559751][ T6149] ? __pfx_ovl_lookup_layer+0x10/0x10 [ 58.559762][ T6149] ? __kmalloc_noprof+0x320/0x850 [ 58.559777][ T6149] ovl_lookup_layers+0x16d4/0x2ac0 [ 58.559789][ T6149] ? __kasan_kmalloc+0xaa/0xb0 [ 58.559803][ T6149] ? lookup_one_qstr_excl+0x175/0x250 [ 58.559815][ T6149] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.559828][ T6149] ? __pfx_ovl_lookup_layers+0x10/0x10 [ 58.559848][ T6149] ovl_lookup+0x4a8/0x6b0 [ 58.559860][ T6149] ? __pfx_ovl_lookup+0x10/0x10 [ 58.559870][ T6149] ? rcu_is_watching+0x12/0xc0 [ 58.559884][ T6149] ? do_raw_spin_lock+0x128/0x260 [ 58.559898][ T6149] ? do_raw_spin_unlock+0x145/0x1e0 [ 58.559909][ T6149] ? _raw_spin_unlock+0x28/0x50 [ 58.559925][ T6149] lookup_one_qstr_excl+0x1d1/0x250 [ 58.559936][ T6149] ? mnt_want_write+0x161/0x450 [ 58.559951][ T6149] filename_create+0x1cf/0x400 [ 58.559965][ T6149] ? __pfx_filename_create+0x10/0x10 [ 58.559982][ T6149] ? find_held_lock+0x2b/0x80 [ 58.559996][ T6149] filename_mkdirat+0xb9/0x5e0 [ 58.560014][ T6149] ? __pfx_filename_mkdirat+0x10/0x10 [ 58.560031][ T6149] ? strncpy_from_user+0x19d/0x2d0 [ 58.560045][ T6149] ? do_getname+0x191/0x390 [ 58.560057][ T6149] __x64_sys_mkdirat+0x89/0xc0 [ 58.560074][ T6149] do_syscall_64+0x106/0xf80 [ 58.560088][ T6149] ? clear_bhb_loop+0x40/0x90 [ 58.560101][ T6149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.560111][ T6149] RIP: 0033:0x7f4d4259c139 [ 58.560121][ T6149] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 58.560131][ T6149] RSP: 002b:00007f4d43462028 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 58.560141][ T6149] RAX: ffffffffffffffda RBX: 00007f4d42815fa0 RCX: 00007f4d4259c139 [ 58.560147][ T6149] RDX: 0000000000000000 RSI: 0000200000001dc0 RDI: ffffffffffffff9c [ 58.560153][ T6149] RBP: 00007f4d43462090 R08: 0000000000000000 R09: 0000000000000000 [ 58.560159][ T6149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 58.560165][ T6149] R13: 00007f4d42816038 R14: 00007f4d42815fa0 R15: 00007ffec513c0a8 [ 58.560178][ T6149] [ 59.226483][ T5929] Bluetooth: hci1: command tx timeout [ 59.226647][ T5927] Bluetooth: hci0: command tx timeout [ 59.308101][ T5927] Bluetooth: hci2: command tx timeout [ 59.316658][ T5927] Bluetooth: hci3: command tx timeout [ 59.327016][ T6155] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 59.357914][ T6157] netlink: 48 bytes leftover after parsing attributes in process `syz.2.60'. [ 59.367096][ T5929] Bluetooth: hci0: hardware error 0x01 [ 59.426834][ T6167] FAULT_INJECTION: forcing a failure. [ 59.426834][ T6167] name failslab, interval 1, probability 0, space 0, times 0 [ 59.431918][ T6167] CPU: 1 UID: 0 PID: 6167 Comm: syz.1.65 Not tainted syzkaller #0 PREEMPT(full) [ 59.431933][ T6167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 59.431939][ T6167] Call Trace: [ 59.431944][ T6167] [ 59.431954][ T6167] dump_stack_lvl+0x100/0x190 [ 59.431976][ T6167] should_fail_ex.cold+0x5/0xa [ 59.431990][ T6167] ? tomoyo_realpath_from_path+0xb6/0x690 [ 59.432001][ T6167] should_failslab+0xc2/0x120 [ 59.432017][ T6167] __kmalloc_noprof+0xe0/0x850 [ 59.432033][ T6167] tomoyo_realpath_from_path+0xb6/0x690 [ 59.432047][ T6167] tomoyo_path_number_perm+0x23c/0x580 [ 59.432062][ T6167] ? tomoyo_path_number_perm+0x22e/0x580 [ 59.432078][ T6167] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 59.432112][ T6167] ? current_check_access_path+0x281/0x460 [ 59.432127][ T6167] ? __pfx_current_check_access_path+0x10/0x10 [ 59.432141][ T6167] ? _raw_spin_unlock+0x28/0x50 [ 59.432158][ T6167] ? lookup_one_qstr_excl+0xb3/0x250 [ 59.432171][ T6167] tomoyo_path_mkdir+0x9b/0xe0 [ 59.432183][ T6167] ? __pfx_tomoyo_path_mkdir+0x10/0x10 [ 59.432199][ T6167] security_path_mkdir+0x154/0x2e0 [ 59.432218][ T6167] filename_mkdirat+0x168/0x5e0 [ 59.432236][ T6167] ? __pfx_filename_mkdirat+0x10/0x10 [ 59.432253][ T6167] ? strncpy_from_user+0x19d/0x2d0 [ 59.432267][ T6167] ? do_getname+0x191/0x390 [ 59.432279][ T6167] __x64_sys_mkdirat+0x89/0xc0 [ 59.432296][ T6167] do_syscall_64+0x106/0xf80 [ 59.432310][ T6167] ? clear_bhb_loop+0x40/0x90 [ 59.432323][ T6167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.432334][ T6167] RIP: 0033:0x7f4d4259c139 [ 59.432342][ T6167] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 59.432352][ T6167] RSP: 002b:00007f4d43462028 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 59.432362][ T6167] RAX: ffffffffffffffda RBX: 00007f4d42815fa0 RCX: 00007f4d4259c139 [ 59.432369][ T6167] RDX: 0000000000000000 RSI: 0000200000001dc0 RDI: ffffffffffffff9c [ 59.432374][ T6167] RBP: 00007f4d43462090 R08: 0000000000000000 R09: 0000000000000000 [ 59.432380][ T6167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 59.432386][ T6167] R13: 00007f4d42816038 R14: 00007f4d42815fa0 R15: 00007ffec513c0a8 [ 59.432404][ T6167] [ 59.432409][ T6167] ERROR: Out of memory at tomoyo_realpath_from_path. [ 59.540768][ T6173] FAULT_INJECTION: forcing a failure. [ 59.540768][ T6173] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 59.540800][ T6173] CPU: 3 UID: 0 PID: 6173 Comm: syz.2.67 Not tainted syzkaller #0 PREEMPT(full) [ 59.540813][ T6173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 59.540819][ T6173] Call Trace: [ 59.540823][ T6173] [ 59.540827][ T6173] dump_stack_lvl+0x100/0x190 [ 59.540847][ T6173] should_fail_ex.cold+0x5/0xa [ 59.540861][ T6173] _copy_from_user+0x2e/0xd0 [ 59.540874][ T6173] input_event_from_user+0x123/0x310 [ 59.540891][ T6173] ? __pfx_input_event_from_user+0x10/0x10 [ 59.540907][ T6173] ? __pfx___might_resched+0x10/0x10 [ 59.540918][ T6173] ? input_inject_event+0x1c9/0x3b0 [ 59.540935][ T6173] evdev_write+0x342/0x610 [ 59.540954][ T6173] ? __pfx_evdev_write+0x10/0x10 [ 59.540970][ T6173] ? bpf_lsm_file_permission+0x9/0x10 [ 59.540985][ T6173] ? security_file_permission+0x76/0x210 [ 59.540996][ T6173] ? rw_verify_area+0xce/0x6d0 [ 59.541010][ T6173] vfs_write+0x2aa/0x1070 [ 59.541024][ T6173] ? __pfx_evdev_write+0x10/0x10 [ 59.541041][ T6173] ? __pfx_vfs_write+0x10/0x10 [ 59.541054][ T6173] ? find_held_lock+0x2b/0x80 [ 59.541066][ T6173] ? __fget_files+0x215/0x3d0 [ 59.541081][ T6173] ? __fget_files+0x215/0x3d0 [ 59.541123][ T6173] ? __fget_files+0x21f/0x3d0 [ 59.541149][ T6173] ksys_write+0x1f8/0x250 [ 59.541168][ T6173] ? __pfx_ksys_write+0x10/0x10 [ 59.541186][ T6173] do_syscall_64+0x106/0xf80 [ 59.541200][ T6173] ? clear_bhb_loop+0x40/0x90 [ 59.541214][ T6173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.541224][ T6173] RIP: 0033:0x7f301c19c139 [ 59.541234][ T6173] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 59.541244][ T6173] RSP: 002b:00007f301d0af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 59.541254][ T6173] RAX: ffffffffffffffda RBX: 00007f301c415fa0 RCX: 00007f301c19c139 [ 59.541260][ T6173] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003 [ 59.541266][ T6173] RBP: 00007f301d0af090 R08: 0000000000000000 R09: 0000000000000000 [ 59.541272][ T6173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 59.541277][ T6173] R13: 00007f301c416038 R14: 00007f301c415fa0 R15: 00007ffdc740a888 [ 59.541290][ T6173] [ 59.680879][ T6179] process 'syz.2.70' launched '/dev/fd/5' with NULL argv: empty string added [ 60.192287][ T40] kauditd_printk_skb: 150 callbacks suppressed [ 60.192299][ T40] audit: type=1400 audit(1771338645.789:253): avc: denied { create } for pid=6201 comm="syz.2.81" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 60.200570][ T40] audit: type=1400 audit(1771338645.789:254): avc: denied { read write } for pid=6209 comm="syz.1.84" name="vbi4" dev="devtmpfs" ino=1003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 60.207971][ T40] audit: type=1400 audit(1771338645.789:255): avc: denied { open } for pid=6209 comm="syz.1.84" path="/dev/vbi4" dev="devtmpfs" ino=1003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 60.214978][ T40] audit: type=1400 audit(1771338645.789:256): avc: denied { write } for pid=6201 comm="syz.2.81" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 60.221241][ T40] audit: type=1400 audit(1771338645.789:257): avc: denied { nlmsg_write } for pid=6201 comm="syz.2.81" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 60.375724][ T40] audit: type=1400 audit(1771338645.969:258): avc: denied { prog_run } for pid=6211 comm="syz.3.85" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 60.404691][ T40] audit: type=1400 audit(1771338645.999:259): avc: denied { write } for pid=6213 comm="syz.3.86" name="event1" dev="devtmpfs" ino=942 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 60.407114][ T6214] FAULT_INJECTION: forcing a failure. [ 60.407114][ T6214] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 60.412565][ T40] audit: type=1400 audit(1771338645.999:260): avc: denied { open } for pid=6213 comm="syz.3.86" path="/dev/input/event1" dev="devtmpfs" ino=942 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 60.417133][ T6214] CPU: 2 UID: 0 PID: 6214 Comm: syz.3.86 Not tainted syzkaller #0 PREEMPT(full) [ 60.417156][ T6214] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 60.417167][ T6214] Call Trace: [ 60.417179][ T6214] [ 60.417185][ T6214] dump_stack_lvl+0x100/0x190 [ 60.417216][ T6214] should_fail_ex.cold+0x5/0xa [ 60.417239][ T6214] _copy_from_user+0x2e/0xd0 [ 60.417258][ T6214] input_event_from_user+0x123/0x310 [ 60.417275][ T6214] ? __pfx_input_event_from_user+0x10/0x10 [ 60.417292][ T6214] ? __pfx___might_resched+0x10/0x10 [ 60.417303][ T6214] ? input_inject_event+0x1c9/0x3b0 [ 60.417320][ T6214] evdev_write+0x342/0x610 [ 60.417338][ T6214] ? __pfx_evdev_write+0x10/0x10 [ 60.417355][ T6214] ? bpf_lsm_file_permission+0x9/0x10 [ 60.417369][ T6214] ? security_file_permission+0x76/0x210 [ 60.417381][ T6214] ? rw_verify_area+0xce/0x6d0 [ 60.417394][ T6214] vfs_write+0x2aa/0x1070 [ 60.417408][ T6214] ? __pfx_evdev_write+0x10/0x10 [ 60.417426][ T6214] ? __pfx_vfs_write+0x10/0x10 [ 60.417439][ T6214] ? find_held_lock+0x2b/0x80 [ 60.417452][ T6214] ? __fget_files+0x215/0x3d0 [ 60.417467][ T6214] ? __fget_files+0x215/0x3d0 [ 60.417485][ T6214] ? __fget_files+0x21f/0x3d0 [ 60.417504][ T6214] ksys_write+0x1f8/0x250 [ 60.417517][ T6214] ? __pfx_ksys_write+0x10/0x10 [ 60.417535][ T6214] do_syscall_64+0x106/0xf80 [ 60.417549][ T6214] ? clear_bhb_loop+0x40/0x90 [ 60.417562][ T6214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.417573][ T6214] RIP: 0033:0x7ffac639c139 [ 60.417582][ T6214] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 60.417592][ T6214] RSP: 002b:00007ffac71bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 60.417603][ T6214] RAX: ffffffffffffffda RBX: 00007ffac6615fa0 RCX: 00007ffac639c139 [ 60.417609][ T6214] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003 [ 60.417615][ T6214] RBP: 00007ffac71bb090 R08: 0000000000000000 R09: 0000000000000000 [ 60.417620][ T6214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 60.417626][ T6214] R13: 00007ffac6616038 R14: 00007ffac6615fa0 R15: 00007ffc621f48a8 [ 60.417639][ T6214] [ 60.540942][ T40] audit: type=1400 audit(1771338646.139:261): avc: denied { mounton } for pid=6215 comm="syz.3.87" path="/28/bus" dev="tmpfs" ino=188 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 60.541074][ T6216] overlayfs: failed to resolve './file1': -2 [ 60.588189][ T5927] Bluetooth: hci0: unexpected event 0x2f length: 509 > 260 [ 60.592002][ T40] audit: type=1400 audit(1771338646.189:262): avc: denied { read } for pid=6217 comm="syz.3.88" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 60.902672][ T6221] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00aa with DS=0x71 [ 60.995472][ T6225] openvswitch: netlink: nsh attr 0 has unexpected len 3 expected 0 [ 61.149624][ T6241] __nla_validate_parse: 3 callbacks suppressed [ 61.149640][ T6241] netlink: 48 bytes leftover after parsing attributes in process `syz.0.100'. [ 61.157130][ T6240] FAULT_INJECTION: forcing a failure. [ 61.157130][ T6240] name failslab, interval 1, probability 0, space 0, times 0 [ 61.161663][ T6240] CPU: 2 UID: 0 PID: 6240 Comm: syz.3.99 Not tainted syzkaller #0 PREEMPT(full) [ 61.161684][ T6240] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 61.161693][ T6240] Call Trace: [ 61.161699][ T6240] [ 61.161705][ T6240] dump_stack_lvl+0x100/0x190 [ 61.161734][ T6240] should_fail_ex.cold+0x5/0xa [ 61.161757][ T6240] should_failslab+0xc2/0x120 [ 61.161780][ T6240] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 61.161800][ T6240] ? prepare_creds+0x2c/0x950 [ 61.161823][ T6240] prepare_creds+0x2c/0x950 [ 61.161841][ T6240] ovl_override_creator_creds+0x110/0x340 [ 61.161865][ T6240] ovl_create_or_link+0x18a/0x390 [ 61.161887][ T6240] ovl_create_object+0x2bf/0x3b0 [ 61.161907][ T6240] ? __pfx_ovl_create_object+0x10/0x10 [ 61.161929][ T6240] ? inode_permission+0x374/0x620 [ 61.161952][ T6240] ovl_mkdir+0x2a/0x40 [ 61.161972][ T6240] vfs_mkdir+0x361/0x850 [ 61.161994][ T6240] filename_mkdirat+0x48b/0x5e0 [ 61.162020][ T6240] ? __pfx_filename_mkdirat+0x10/0x10 [ 61.162044][ T6240] ? strncpy_from_user+0x19d/0x2d0 [ 61.162065][ T6240] ? do_getname+0x191/0x390 [ 61.162083][ T6240] __x64_sys_mkdirat+0x89/0xc0 [ 61.162108][ T6240] do_syscall_64+0x106/0xf80 [ 61.162129][ T6240] ? clear_bhb_loop+0x40/0x90 [ 61.162148][ T6240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.162164][ T6240] RIP: 0033:0x7ffac639c139 [ 61.162177][ T6240] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 61.162192][ T6240] RSP: 002b:00007ffac71bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 61.162208][ T6240] RAX: ffffffffffffffda RBX: 00007ffac6615fa0 RCX: 00007ffac639c139 [ 61.162218][ T6240] RDX: 0000000000000000 RSI: 0000200000001dc0 RDI: ffffffffffffff9c [ 61.162227][ T6240] RBP: 00007ffac71bb090 R08: 0000000000000000 R09: 0000000000000000 [ 61.162252][ T6240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 61.162261][ T6240] R13: 00007ffac6616038 R14: 00007ffac6615fa0 R15: 00007ffc621f48a8 [ 61.162284][ T6240] [ 61.194595][ T6244] overlayfs: failed to resolve './file1': -2 [ 61.282219][ T6233] kvm_intel: kvm [6232]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0xbb [ 61.285367][ T6248] FAULT_INJECTION: forcing a failure. [ 61.285367][ T6248] name failslab, interval 1, probability 0, space 0, times 0 [ 61.289911][ T6233] netlink: 24 bytes leftover after parsing attributes in process `syz.1.95'. [ 61.293169][ T6233] netlink: 24 bytes leftover after parsing attributes in process `syz.1.95'. [ 61.293399][ T6248] CPU: 0 UID: 0 PID: 6248 Comm: syz.3.102 Not tainted syzkaller #0 PREEMPT(full) [ 61.293421][ T6248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 61.293431][ T6248] Call Trace: [ 61.293437][ T6248] [ 61.293444][ T6248] dump_stack_lvl+0x100/0x190 [ 61.293475][ T6248] should_fail_ex.cold+0x5/0xa [ 61.293497][ T6248] ? tomoyo_encode2+0xfb/0x3c0 [ 61.293514][ T6248] should_failslab+0xc2/0x120 [ 61.293539][ T6248] __kmalloc_noprof+0xe0/0x850 [ 61.293567][ T6248] tomoyo_encode2+0xfb/0x3c0 [ 61.293588][ T6248] tomoyo_encode+0x29/0x50 [ 61.293604][ T6248] tomoyo_realpath_from_path+0x18c/0x690 [ 61.293629][ T6248] tomoyo_path_number_perm+0x23c/0x580 [ 61.293653][ T6248] ? tomoyo_path_number_perm+0x22e/0x580 [ 61.293680][ T6248] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 61.293729][ T6248] ? find_held_lock+0x2b/0x80 [ 61.293751][ T6248] ? __fget_files+0x215/0x3d0 [ 61.293775][ T6248] ? hook_file_ioctl_common+0x146/0x410 [ 61.293802][ T6248] ? __fget_files+0x21f/0x3d0 [ 61.293832][ T6248] security_file_ioctl+0xd3/0x230 [ 61.293861][ T6248] __x64_sys_ioctl+0xb7/0x210 [ 61.293885][ T6248] do_syscall_64+0x106/0xf80 [ 61.293909][ T6248] ? clear_bhb_loop+0x40/0x90 [ 61.293931][ T6248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.293949][ T6248] RIP: 0033:0x7ffac639c139 [ 61.293964][ T6248] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 61.293980][ T6248] RSP: 002b:00007ffac71bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 61.293997][ T6248] RAX: ffffffffffffffda RBX: 00007ffac6615fa0 RCX: 00007ffac639c139 [ 61.294007][ T6248] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 61.294017][ T6248] RBP: 00007ffac71bb090 R08: 0000000000000000 R09: 0000000000000000 [ 61.294027][ T6248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 61.294037][ T6248] R13: 00007ffac6616038 R14: 00007ffac6615fa0 R15: 00007ffc621f48a8 [ 61.294061][ T6248] [ 61.294077][ T6248] ERROR: Out of memory at tomoyo_realpath_from_path. [ 61.318201][ T6252] : renamed from vlan0 (while UP) [ 61.318414][ T5927] Bluetooth: hci1: command tx timeout [ 61.386308][ T5929] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 61.396307][ T5929] Bluetooth: hci3: command tx timeout [ 61.399138][ T5929] Bluetooth: hci2: command tx timeout [ 61.480878][ T6262] netlink: 24 bytes leftover after parsing attributes in process `syz.1.106'. [ 61.599992][ T6274] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00aa with DS=0x71 [ 61.721627][ T6282] netlink: 48 bytes leftover after parsing attributes in process `syz.1.115'. [ 61.757895][ T6285] FAULT_INJECTION: forcing a failure. [ 61.757895][ T6285] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 61.762038][ T6285] CPU: 1 UID: 0 PID: 6285 Comm: syz.2.117 Not tainted syzkaller #0 PREEMPT(full) [ 61.762052][ T6285] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 61.762058][ T6285] Call Trace: [ 61.762063][ T6285] [ 61.762067][ T6285] dump_stack_lvl+0x100/0x190 [ 61.762089][ T6285] should_fail_ex.cold+0x5/0xa [ 61.762103][ T6285] _copy_from_user+0x2e/0xd0 [ 61.762116][ T6285] input_event_from_user+0x123/0x310 [ 61.762134][ T6285] ? __pfx_input_event_from_user+0x10/0x10 [ 61.762154][ T6285] ? __pfx___might_resched+0x10/0x10 [ 61.762166][ T6285] ? input_inject_event+0x1c9/0x3b0 [ 61.762183][ T6285] evdev_write+0x342/0x610 [ 61.762201][ T6285] ? __pfx_evdev_write+0x10/0x10 [ 61.762218][ T6285] ? bpf_lsm_file_permission+0x9/0x10 [ 61.762232][ T6285] ? security_file_permission+0x76/0x210 [ 61.762243][ T6285] ? rw_verify_area+0xce/0x6d0 [ 61.762257][ T6285] vfs_write+0x2aa/0x1070 [ 61.762271][ T6285] ? __pfx_evdev_write+0x10/0x10 [ 61.762288][ T6285] ? __pfx_vfs_write+0x10/0x10 [ 61.762300][ T6285] ? find_held_lock+0x2b/0x80 [ 61.762312][ T6285] ? __fget_files+0x215/0x3d0 [ 61.762328][ T6285] ? __fget_files+0x215/0x3d0 [ 61.762345][ T6285] ? __fget_files+0x21f/0x3d0 [ 61.762364][ T6285] ksys_write+0x1f8/0x250 [ 61.762378][ T6285] ? __pfx_ksys_write+0x10/0x10 [ 61.762395][ T6285] do_syscall_64+0x106/0xf80 [ 61.762410][ T6285] ? clear_bhb_loop+0x40/0x90 [ 61.762423][ T6285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.762433][ T6285] RIP: 0033:0x7f301c19c139 [ 61.762443][ T6285] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 61.762453][ T6285] RSP: 002b:00007f301d0af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 61.762463][ T6285] RAX: ffffffffffffffda RBX: 00007f301c415fa0 RCX: 00007f301c19c139 [ 61.762469][ T6285] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003 [ 61.762475][ T6285] RBP: 00007f301d0af090 R08: 0000000000000000 R09: 0000000000000000 [ 61.762481][ T6285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 61.762486][ T6285] R13: 00007f301c416038 R14: 00007f301c415fa0 R15: 00007ffdc740a888 [ 61.762499][ T6285] [ 61.933000][ T6302] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00aa with DS=0x71 [ 61.974900][ T6304] FAULT_INJECTION: forcing a failure. [ 61.974900][ T6304] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 61.979507][ T6304] CPU: 0 UID: 0 PID: 6304 Comm: syz.2.124 Not tainted syzkaller #0 PREEMPT(full) [ 61.979523][ T6304] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 61.979529][ T6304] Call Trace: [ 61.979533][ T6304] [ 61.979537][ T6304] dump_stack_lvl+0x100/0x190 [ 61.979563][ T6304] should_fail_ex.cold+0x5/0xa [ 61.979581][ T6304] _copy_from_user+0x2e/0xd0 [ 61.979594][ T6304] input_event_from_user+0x123/0x310 [ 61.979616][ T6304] ? __pfx_input_event_from_user+0x10/0x10 [ 61.979633][ T6304] ? __pfx___might_resched+0x10/0x10 [ 61.979644][ T6304] ? input_inject_event+0x1c9/0x3b0 [ 61.979661][ T6304] evdev_write+0x342/0x610 [ 61.979679][ T6304] ? __pfx_evdev_write+0x10/0x10 [ 61.979696][ T6304] ? bpf_lsm_file_permission+0x9/0x10 [ 61.979711][ T6304] ? security_file_permission+0x76/0x210 [ 61.979723][ T6304] ? rw_verify_area+0xce/0x6d0 [ 61.979736][ T6304] vfs_write+0x2aa/0x1070 [ 61.979751][ T6304] ? __pfx_evdev_write+0x10/0x10 [ 61.979772][ T6304] ? __pfx_vfs_write+0x10/0x10 [ 61.979788][ T6304] ? find_held_lock+0x2b/0x80 [ 61.979806][ T6304] ? __fget_files+0x215/0x3d0 [ 61.979827][ T6304] ? __fget_files+0x215/0x3d0 [ 61.979852][ T6304] ? __fget_files+0x21f/0x3d0 [ 61.979884][ T6304] ksys_write+0x1f8/0x250 [ 61.979904][ T6304] ? __pfx_ksys_write+0x10/0x10 [ 61.979926][ T6304] do_syscall_64+0x106/0xf80 [ 61.979944][ T6304] ? clear_bhb_loop+0x40/0x90 [ 61.979957][ T6304] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.979968][ T6304] RIP: 0033:0x7f301c19c139 [ 61.979977][ T6304] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 61.979987][ T6304] RSP: 002b:00007f301d0af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 61.979998][ T6304] RAX: ffffffffffffffda RBX: 00007f301c415fa0 RCX: 00007f301c19c139 [ 61.980004][ T6304] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003 [ 61.980010][ T6304] RBP: 00007f301d0af090 R08: 0000000000000000 R09: 0000000000000000 [ 61.980016][ T6304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 61.980021][ T6304] R13: 00007f301c416038 R14: 00007f301c415fa0 R15: 00007ffdc740a888 [ 61.980034][ T6304] [ 62.243687][ T6331] FAULT_INJECTION: forcing a failure. [ 62.243687][ T6331] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 62.249378][ T6331] CPU: 2 UID: 0 PID: 6331 Comm: syz.0.135 Not tainted syzkaller #0 PREEMPT(full) [ 62.249400][ T6331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 62.249409][ T6331] Call Trace: [ 62.249415][ T6331] [ 62.249422][ T6331] dump_stack_lvl+0x100/0x190 [ 62.249452][ T6331] should_fail_ex.cold+0x5/0xa [ 62.249474][ T6331] _copy_from_user+0x2e/0xd0 [ 62.249494][ T6331] input_event_from_user+0x123/0x310 [ 62.249519][ T6331] ? __pfx_input_event_from_user+0x10/0x10 [ 62.249543][ T6331] ? __pfx___might_resched+0x10/0x10 [ 62.249560][ T6331] ? input_inject_event+0x1c9/0x3b0 [ 62.249586][ T6331] evdev_write+0x342/0x610 [ 62.249613][ T6331] ? __pfx_evdev_write+0x10/0x10 [ 62.249637][ T6331] ? bpf_lsm_file_permission+0x9/0x10 [ 62.249672][ T6331] ? security_file_permission+0x76/0x210 [ 62.249691][ T6331] ? rw_verify_area+0xce/0x6d0 [ 62.249712][ T6331] vfs_write+0x2aa/0x1070 [ 62.249733][ T6331] ? __pfx_evdev_write+0x10/0x10 [ 62.249757][ T6331] ? __pfx_vfs_write+0x10/0x10 [ 62.249774][ T6331] ? find_held_lock+0x2b/0x80 [ 62.249793][ T6331] ? __fget_files+0x215/0x3d0 [ 62.249815][ T6331] ? __fget_files+0x215/0x3d0 [ 62.249856][ T6331] ? __fget_files+0x21f/0x3d0 [ 62.249886][ T6331] ksys_write+0x1f8/0x250 [ 62.249906][ T6331] ? __pfx_ksys_write+0x10/0x10 [ 62.249932][ T6331] do_syscall_64+0x106/0xf80 [ 62.249954][ T6331] ? clear_bhb_loop+0x40/0x90 [ 62.249974][ T6331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.249990][ T6331] RIP: 0033:0x7fb337d9c139 [ 62.250005][ T6331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 62.250019][ T6331] RSP: 002b:00007fb338c4c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 62.250036][ T6331] RAX: ffffffffffffffda RBX: 00007fb338015fa0 RCX: 00007fb337d9c139 [ 62.250046][ T6331] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003 [ 62.250055][ T6331] RBP: 00007fb338c4c090 R08: 0000000000000000 R09: 0000000000000000 [ 62.250065][ T6331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 62.250080][ T6331] R13: 00007fb338016038 R14: 00007fb338015fa0 R15: 00007fffa11a2108 [ 62.250101][ T6331] [ 62.369629][ T6341] netlink: 'syz.2.140': attribute type 1 has an invalid length. [ 62.390298][ T6341] 8021q: adding VLAN 0 to HW filter on device bond1 [ 62.413114][ T6341] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=50714 sclass=netlink_route_socket pid=6341 comm=syz.2.140 [ 62.418686][ T6346] netlink: 256 bytes leftover after parsing attributes in process `syz.3.143'. [ 62.424702][ T6341] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6341 comm=syz.2.140 [ 62.476298][ T5935] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 62.626687][ T5935] usb 6-1: Using ep0 maxpacket: 8 [ 62.630239][ T5935] usb 6-1: config index 0 descriptor too short (expected 1307, got 27) [ 62.632792][ T5935] usb 6-1: config 0 has an invalid interface number: 0 but max is -1 [ 62.635983][ T5935] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 62.639010][ T5935] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 62.641941][ T6360] input: syz1 as /devices/virtual/input/input5 [ 62.642726][ T5935] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 69 [ 62.648591][ T5935] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 62.657639][ T5935] usb 6-1: string descriptor 0 read error: -22 [ 62.664945][ T5935] usb 6-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 62.674511][ T5935] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 62.686285][ T5935] usb 6-1: config 0 descriptor?? [ 62.691845][ T6326] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 62.708074][ T5935] hub 6-1:0.0: bad descriptor, ignoring hub [ 62.710566][ T5935] hub 6-1:0.0: probe with driver hub failed with error -5 [ 62.848719][ T6371] netlink: 256 bytes leftover after parsing attributes in process `syz.3.152'. [ 62.852585][ T6371] netlink: 16 bytes leftover after parsing attributes in process `syz.3.152'. [ 62.877581][ T6374] netlink: 4 bytes leftover after parsing attributes in process `syz.0.153'. [ 62.880874][ T6374] netlink: 16 bytes leftover after parsing attributes in process `syz.0.153'. [ 63.017496][ T6011] usb 6-1: USB disconnect, device number 2 [ 63.386358][ T6011] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 63.503233][ T6404] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00aa with DS=0x71 [ 63.560355][ T6011] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 63.563440][ T6011] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 63.568044][ T6011] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 63.571692][ T6011] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 63.577166][ T6011] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 63.582485][ T6011] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 63.587659][ T6011] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 63.591278][ T6011] usb 8-1: Product: syz [ 63.599750][ T6011] usb 8-1: Manufacturer: syz [ 63.611245][ T6011] cdc_wdm 8-1:1.0: skipping garbage [ 63.613299][ T6011] cdc_wdm 8-1:1.0: skipping garbage [ 63.634027][ T6011] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 63.637384][ T6011] cdc_wdm 8-1:1.0: Unknown control protocol [ 63.830691][ C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 63.832856][ C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 63.835125][ C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 63.837271][ C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 63.840245][ C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 63.842469][ C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 63.845316][ C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 63.848687][ C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 63.851076][ C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 63.853143][ C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 63.855271][ C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 63.857488][ C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 63.859600][ C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 63.861679][ C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 63.863766][ C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 63.865875][ C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 63.868007][ C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 63.870001][ C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 63.872046][ C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 63.874027][ C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 63.878904][ T34] usb 8-1: USB disconnect, device number 2 [ 63.880971][ C3] cdc_wdm 8-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 64.288911][ T6422] FAULT_INJECTION: forcing a failure. [ 64.288911][ T6422] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 64.294373][ T6422] CPU: 3 UID: 0 PID: 6422 Comm: syz.0.170 Not tainted syzkaller #0 PREEMPT(full) [ 64.294395][ T6422] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 64.294406][ T6422] Call Trace: [ 64.294412][ T6422] [ 64.294423][ T6422] dump_stack_lvl+0x100/0x190 [ 64.294457][ T6422] should_fail_ex.cold+0x5/0xa [ 64.294482][ T6422] _copy_from_user+0x2e/0xd0 [ 64.294503][ T6422] input_event_from_user+0x123/0x310 [ 64.294533][ T6422] ? __pfx_input_event_from_user+0x10/0x10 [ 64.294560][ T6422] ? __pfx___might_resched+0x10/0x10 [ 64.294580][ T6422] ? input_inject_event+0x1c9/0x3b0 [ 64.294610][ T6422] evdev_write+0x342/0x610 [ 64.294640][ T6422] ? __pfx_evdev_write+0x10/0x10 [ 64.294668][ T6422] ? bpf_lsm_file_permission+0x9/0x10 [ 64.294691][ T6422] ? security_file_permission+0x76/0x210 [ 64.294729][ T6422] ? rw_verify_area+0xce/0x6d0 [ 64.294768][ T6422] vfs_write+0x2aa/0x1070 [ 64.294793][ T6422] ? __pfx_evdev_write+0x10/0x10 [ 64.294820][ T6422] ? __pfx_vfs_write+0x10/0x10 [ 64.294842][ T6422] ? find_held_lock+0x2b/0x80 [ 64.294864][ T6422] ? __fget_files+0x215/0x3d0 [ 64.294889][ T6422] ? __fget_files+0x215/0x3d0 [ 64.294919][ T6422] ? __fget_files+0x21f/0x3d0 [ 64.294952][ T6422] ksys_write+0x1f8/0x250 [ 64.294975][ T6422] ? __pfx_ksys_write+0x10/0x10 [ 64.295005][ T6422] do_syscall_64+0x106/0xf80 [ 64.295030][ T6422] ? clear_bhb_loop+0x40/0x90 [ 64.295054][ T6422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.295072][ T6422] RIP: 0033:0x7fb337d9c139 [ 64.295089][ T6422] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 64.295105][ T6422] RSP: 002b:00007fb338c4c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 64.295130][ T6422] RAX: ffffffffffffffda RBX: 00007fb338015fa0 RCX: 00007fb337d9c139 [ 64.295141][ T6422] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003 [ 64.295152][ T6422] RBP: 00007fb338c4c090 R08: 0000000000000000 R09: 0000000000000000 [ 64.295162][ T6422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 64.295173][ T6422] R13: 00007fb338016038 R14: 00007fb338015fa0 R15: 00007fffa11a2108 [ 64.295197][ T6422] [ 64.376552][ T6419] netlink: 'syz.1.171': attribute type 4 has an invalid length. [ 64.483043][ T6428] binder: 6427:6428 ioctl c018620c 2000000000c0 returned -22 [ 64.485808][ T5927] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260 [ 64.621493][ T6435] netlink: 'syz.1.176': attribute type 4 has an invalid length. [ 64.649518][ T6435] netlink: 'syz.1.176': attribute type 4 has an invalid length. [ 64.733027][ T6442] FAULT_INJECTION: forcing a failure. [ 64.733027][ T6442] name failslab, interval 1, probability 0, space 0, times 0 [ 64.739598][ T6442] CPU: 2 UID: 0 PID: 6442 Comm: syz.1.179 Not tainted syzkaller #0 PREEMPT(full) [ 64.739621][ T6442] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 64.739631][ T6442] Call Trace: [ 64.739637][ T6442] [ 64.739644][ T6442] dump_stack_lvl+0x100/0x190 [ 64.739695][ T6442] should_fail_ex.cold+0x5/0xa [ 64.739720][ T6442] should_failslab+0xc2/0x120 [ 64.739746][ T6442] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 64.739771][ T6442] ? sidtab_sid2str_get+0x17a/0x670 [ 64.739804][ T6442] kmemdup_noprof+0x29/0x60 [ 64.739828][ T6442] sidtab_sid2str_get+0x17a/0x670 [ 64.739850][ T6442] security_sid_to_context_core+0x35a/0x6d0 [ 64.739882][ T6442] selinux_inode_init_security+0x484/0x6a0 [ 64.739906][ T6442] ? __pfx_selinux_inode_init_security+0x10/0x10 [ 64.739924][ T6442] ? trace_kmalloc+0x101/0x130 [ 64.739948][ T6442] ? __kasan_kmalloc+0xaa/0xb0 [ 64.739972][ T6442] ? __kmalloc_noprof+0x320/0x850 [ 64.739999][ T6442] security_inode_init_security+0x1bc/0x370 [ 64.740022][ T6442] ? __pfx_shmem_initxattrs+0x10/0x10 [ 64.740049][ T6442] ? __pfx_security_inode_init_security+0x10/0x10 [ 64.740080][ T6442] shmem_mknod+0x229/0x3b0 [ 64.740102][ T6442] shmem_mkdir+0x31/0x80 [ 64.740119][ T6442] vfs_mkdir+0x361/0x850 [ 64.740145][ T6442] ovl_create_real+0x5d6/0xb80 [ 64.740173][ T6442] ovl_create_upper+0x1e5/0x5b0 [ 64.740200][ T6442] ovl_create_or_link+0x321/0x390 [ 64.740225][ T6442] ovl_create_object+0x2bf/0x3b0 [ 64.740249][ T6442] ? __pfx_ovl_create_object+0x10/0x10 [ 64.740279][ T6442] ? inode_permission+0x374/0x620 [ 64.740306][ T6442] ovl_mkdir+0x2a/0x40 [ 64.740327][ T6442] vfs_mkdir+0x361/0x850 [ 64.740353][ T6442] filename_mkdirat+0x48b/0x5e0 [ 64.740383][ T6442] ? __pfx_filename_mkdirat+0x10/0x10 [ 64.740411][ T6442] ? strncpy_from_user+0x19d/0x2d0 [ 64.740435][ T6442] ? do_getname+0x191/0x390 [ 64.740457][ T6442] __x64_sys_mkdirat+0x89/0xc0 [ 64.740484][ T6442] do_syscall_64+0x106/0xf80 [ 64.740516][ T6442] ? clear_bhb_loop+0x40/0x90 [ 64.740537][ T6442] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.740555][ T6442] RIP: 0033:0x7f4d4259c139 [ 64.740571][ T6442] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 64.740586][ T6442] RSP: 002b:00007f4d43462028 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 64.740603][ T6442] RAX: ffffffffffffffda RBX: 00007f4d42815fa0 RCX: 00007f4d4259c139 [ 64.740614][ T6442] RDX: 0000000000000000 RSI: 0000200000001dc0 RDI: ffffffffffffff9c [ 64.740624][ T6442] RBP: 00007f4d43462090 R08: 0000000000000000 R09: 0000000000000000 [ 64.740635][ T6442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 64.740644][ T6442] R13: 00007f4d42816038 R14: 00007f4d42815fa0 R15: 00007ffec513c0a8 [ 64.740667][ T6442] [ 64.882672][ T6448] FAULT_INJECTION: forcing a failure. [ 64.882672][ T6448] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 64.888231][ T6448] CPU: 1 UID: 0 PID: 6448 Comm: syz.1.181 Not tainted syzkaller #0 PREEMPT(full) [ 64.888257][ T6448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 64.888272][ T6448] Call Trace: [ 64.888279][ T6448] [ 64.888286][ T6448] dump_stack_lvl+0x100/0x190 [ 64.888319][ T6448] should_fail_ex.cold+0x5/0xa [ 64.888342][ T6448] _copy_from_user+0x2e/0xd0 [ 64.888366][ T6448] input_event_from_user+0x123/0x310 [ 64.888393][ T6448] ? __pfx_input_event_from_user+0x10/0x10 [ 64.888417][ T6448] ? __pfx___might_resched+0x10/0x10 [ 64.888436][ T6448] ? input_inject_event+0x1c9/0x3b0 [ 64.888463][ T6448] evdev_write+0x342/0x610 [ 64.888490][ T6448] ? __pfx_evdev_write+0x10/0x10 [ 64.888515][ T6448] ? bpf_lsm_file_permission+0x9/0x10 [ 64.888537][ T6448] ? security_file_permission+0x76/0x210 [ 64.888556][ T6448] ? rw_verify_area+0xce/0x6d0 [ 64.888578][ T6448] vfs_write+0x2aa/0x1070 [ 64.888600][ T6448] ? __pfx_evdev_write+0x10/0x10 [ 64.888627][ T6448] ? __pfx_vfs_write+0x10/0x10 [ 64.888646][ T6448] ? find_held_lock+0x2b/0x80 [ 64.888664][ T6448] ? __fget_files+0x215/0x3d0 [ 64.888689][ T6448] ? __fget_files+0x215/0x3d0 [ 64.888718][ T6448] ? __fget_files+0x21f/0x3d0 [ 64.888751][ T6448] ksys_write+0x1f8/0x250 [ 64.888775][ T6448] ? __pfx_ksys_write+0x10/0x10 [ 64.888806][ T6448] do_syscall_64+0x106/0xf80 [ 64.888830][ T6448] ? clear_bhb_loop+0x40/0x90 [ 64.888852][ T6448] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.888870][ T6448] RIP: 0033:0x7f4d4259c139 [ 64.888885][ T6448] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 64.888919][ T6448] RSP: 002b:00007f4d43462028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 64.888936][ T6448] RAX: ffffffffffffffda RBX: 00007f4d42815fa0 RCX: 00007f4d4259c139 [ 64.888947][ T6448] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003 [ 64.888956][ T6448] RBP: 00007f4d43462090 R08: 0000000000000000 R09: 0000000000000000 [ 64.888966][ T6448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 64.888976][ T6448] R13: 00007f4d42816038 R14: 00007f4d42815fa0 R15: 00007ffec513c0a8 [ 64.888999][ T6448] [ 65.003706][ T6455] can0: slcan on ttynull. [ 65.019111][ T6457] rdma_rxe: rxe_newlink: failed to add syz_tun [ 65.071416][ T6465] FAULT_INJECTION: forcing a failure. [ 65.071416][ T6465] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 65.078631][ T6465] CPU: 2 UID: 0 PID: 6465 Comm: syz.1.186 Not tainted syzkaller #0 PREEMPT(full) [ 65.078647][ T6465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 65.078653][ T6465] Call Trace: [ 65.078657][ T6465] [ 65.078661][ T6465] dump_stack_lvl+0x100/0x190 [ 65.078681][ T6465] should_fail_ex.cold+0x5/0xa [ 65.078696][ T6465] _copy_from_iter+0x1f4/0x1690 [ 65.078712][ T6465] ? alloc_pages_mpol+0x25a/0x550 [ 65.078727][ T6465] ? __pfx__copy_from_iter+0x10/0x10 [ 65.078740][ T6465] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 65.078760][ T6465] copy_page_from_iter+0xde/0x180 [ 65.078774][ T6465] tun_build_skb.constprop.0+0x2ea/0x15d0 [ 65.078791][ T6465] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 65.078802][ T6465] ? unwind_get_return_address+0x59/0xa0 [ 65.078815][ T6465] ? arch_stack_walk+0xa6/0xf0 [ 65.078833][ T6465] ? _kstrtoull+0x13c/0x1f0 [ 65.078848][ T6465] ? __pfx__kstrtoull+0x10/0x10 [ 65.078865][ T6465] tun_get_user+0x16d0/0x3e10 [ 65.078880][ T6465] ? __pfx_tun_get_user+0x10/0x10 [ 65.078892][ T6465] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 65.078910][ T6465] ? find_held_lock+0x2b/0x80 [ 65.078922][ T6465] ? tun_get+0x191/0x370 [ 65.078930][ T6465] ? tun_get+0x191/0x370 [ 65.078942][ T6465] tun_chr_write_iter+0xdc/0x200 [ 65.078954][ T6465] vfs_write+0x6ac/0x1070 [ 65.078970][ T6465] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 65.078982][ T6465] ? __pfx_vfs_write+0x10/0x10 [ 65.078994][ T6465] ? find_held_lock+0x2b/0x80 [ 65.079014][ T6465] ksys_write+0x12a/0x250 [ 65.079028][ T6465] ? __pfx_ksys_write+0x10/0x10 [ 65.079045][ T6465] do_syscall_64+0x106/0xf80 [ 65.079059][ T6465] ? clear_bhb_loop+0x40/0x90 [ 65.079072][ T6465] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.079085][ T6465] RIP: 0033:0x7f4d4255ca0e [ 65.079094][ T6465] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 65.079103][ T6465] RSP: 002b:00007f4d43461fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 65.079114][ T6465] RAX: ffffffffffffffda RBX: 00007f4d434626c0 RCX: 00007f4d4255ca0e [ 65.079120][ T6465] RDX: 0000000000000076 RSI: 0000200000000080 RDI: 00000000000000c8 [ 65.079126][ T6465] RBP: 00007f4d43462090 R08: 0000000000000000 R09: 0000000000000000 [ 65.079132][ T6465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 65.079137][ T6465] R13: 00007f4d42816038 R14: 00007f4d42815fa0 R15: 00007ffec513c0a8 [ 65.079150][ T6465] [ 65.324273][ T6485] FAULT_INJECTION: forcing a failure. [ 65.324273][ T6485] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 65.331724][ T6485] CPU: 3 UID: 0 PID: 6485 Comm: syz.0.195 Not tainted syzkaller #0 PREEMPT(full) [ 65.331750][ T6485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 65.331760][ T6485] Call Trace: [ 65.331766][ T6485] [ 65.331774][ T6485] dump_stack_lvl+0x100/0x190 [ 65.331808][ T6485] should_fail_ex.cold+0x5/0xa [ 65.331832][ T6485] _copy_from_user+0x2e/0xd0 [ 65.331855][ T6485] input_event_from_user+0x123/0x310 [ 65.331884][ T6485] ? __pfx_input_event_from_user+0x10/0x10 [ 65.331911][ T6485] ? __pfx___might_resched+0x10/0x10 [ 65.331929][ T6485] ? input_inject_event+0x1c9/0x3b0 [ 65.331958][ T6485] evdev_write+0x342/0x610 [ 65.331989][ T6485] ? __pfx_evdev_write+0x10/0x10 [ 65.332016][ T6485] ? bpf_lsm_file_permission+0x9/0x10 [ 65.332039][ T6485] ? security_file_permission+0x76/0x210 [ 65.332058][ T6485] ? rw_verify_area+0xce/0x6d0 [ 65.332088][ T6485] vfs_write+0x2aa/0x1070 [ 65.332112][ T6485] ? __pfx_evdev_write+0x10/0x10 [ 65.332138][ T6485] ? __pfx_vfs_write+0x10/0x10 [ 65.332159][ T6485] ? find_held_lock+0x2b/0x80 [ 65.332179][ T6485] ? __fget_files+0x215/0x3d0 [ 65.332204][ T6485] ? __fget_files+0x215/0x3d0 [ 65.332233][ T6485] ? __fget_files+0x21f/0x3d0 [ 65.332266][ T6485] ksys_write+0x1f8/0x250 [ 65.332289][ T6485] ? __pfx_ksys_write+0x10/0x10 [ 65.332319][ T6485] do_syscall_64+0x106/0xf80 [ 65.332342][ T6485] ? clear_bhb_loop+0x40/0x90 [ 65.332367][ T6485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.332389][ T6485] RIP: 0033:0x7fb337d9c139 [ 65.332404][ T6485] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 65.332420][ T6485] RSP: 002b:00007fb338c4c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 65.332437][ T6485] RAX: ffffffffffffffda RBX: 00007fb338015fa0 RCX: 00007fb337d9c139 [ 65.332448][ T6485] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003 [ 65.332458][ T6485] RBP: 00007fb338c4c090 R08: 0000000000000000 R09: 0000000000000000 [ 65.332468][ T6485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 65.332477][ T6485] R13: 00007fb338016038 R14: 00007fb338015fa0 R15: 00007fffa11a2108 [ 65.332501][ T6485] [ 65.363127][ T40] kauditd_printk_skb: 113 callbacks suppressed [ 65.363138][ T40] audit: type=1400 audit(1771338650.939:376): avc: denied { watch watch_reads } for pid=6488 comm="syz.3.187" path="pipe:[12490]" dev="pipefs" ino=12490 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 65.365238][ T6489] overlayfs: failed to resolve './file1': -2 [ 65.397101][ T40] audit: type=1400 audit(1771338650.999:377): avc: denied { mount } for pid=6490 comm="syz.0.197" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 65.443511][ T40] audit: type=1400 audit(1771338650.999:378): avc: denied { lock } for pid=6490 comm="syz.0.197" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 65.452042][ T40] audit: type=1400 audit(1771338650.999:379): avc: denied { ioctl } for pid=6486 comm="syz.1.196" path="socket:[13484]" dev="sockfs" ino=13484 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 65.459592][ T40] audit: type=1400 audit(1771338651.049:380): avc: denied { read write } for pid=6486 comm="syz.1.196" name="vhost-vsock" dev="devtmpfs" ino=1301 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 65.467622][ T40] audit: type=1400 audit(1771338651.049:381): avc: denied { open } for pid=6486 comm="syz.1.196" path="/dev/vhost-vsock" dev="devtmpfs" ino=1301 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 65.474792][ T40] audit: type=1400 audit(1771338651.049:382): avc: denied { ioctl } for pid=6486 comm="syz.1.196" path="/dev/vhost-vsock" dev="devtmpfs" ino=1301 ioctlcmd=0xaf85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 65.483216][ T40] audit: type=1400 audit(1771338651.049:383): avc: denied { write } for pid=6490 comm="syz.0.197" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 65.490089][ T40] audit: type=1400 audit(1771338651.049:384): avc: denied { open } for pid=6490 comm="syz.0.197" path="/40/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 65.630685][ T6510] geneve1: entered allmulticast mode [ 65.639804][ T6011] libceph: connect (1)[c::]:6789 error -101 [ 65.643117][ T6011] libceph: mon0 (1)[c::]:6789 connect error [ 65.665796][ T6512] netlink: 'syz.1.201': attribute type 1 has an invalid length. [ 65.696423][ T29] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 65.758406][ T40] audit: type=1400 audit(1771338651.359:385): avc: denied { open } for pid=6515 comm="syz.3.204" path="/dev/ptyqb" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 65.867130][ T29] usb 5-1: Using ep0 maxpacket: 32 [ 65.874812][ T29] usb 5-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 65.878790][ T29] usb 5-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 65.884863][ T29] usb 5-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 65.889175][ T29] usb 5-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 65.897136][ T29] usb 5-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 65.900508][ T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 65.903806][ T29] usb 5-1: Product: syz [ 65.905394][ T29] usb 5-1: Manufacturer: syz [ 65.908646][ T6011] libceph: connect (1)[c::]:6789 error -101 [ 65.911262][ T6011] libceph: mon0 (1)[c::]:6789 connect error [ 65.915953][ T29] usb 5-1: SerialNumber: syz [ 65.929867][ T6454] can0 (unregistered): slcan off ttynull. [ 65.937152][ C1] imon 5-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 65.944211][ T29] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/input/input6 [ 66.062265][ T6538] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 66.146590][ T29] imon 5-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 66.149611][ T29] (id 0x00) [ 66.197402][ T29] rc_core: IR keymap rc-imon-pad not found [ 66.199190][ T29] Registered IR keymap rc-empty [ 66.201122][ T29] imon 5-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 66.204386][ T29] imon 5-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 66.326345][ T34] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 66.337342][ T29] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/rc/rc0 [ 66.342232][ T29] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/rc/rc0/input7 [ 66.350968][ T29] imon 5-1:155.0: iMON device (15c2:ffdc, intf0) on usb<5:3> initialized [ 66.418757][ T29] libceph: connect (1)[c::]:6789 error -101 [ 66.421466][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 66.436110][ T6505] ceph: No mds server is up or the cluster is laggy [ 66.497281][ T34] usb 7-1: Using ep0 maxpacket: 32 [ 66.502278][ T34] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8 [ 66.508837][ T34] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 66.512366][ T34] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 66.515265][ T34] usb 7-1: Product: 㼿묟檉耻ﷰ䇜㌯墑緟盤䧟뚕圵៯磆⻻暱崜㝣역됬–잏㉔⏜鄞䁃䳪뎟‚骅喟ெ䱠୶ᤈ哠 [ 66.521490][ T34] usb 7-1: Manufacturer: ᐉ [ 66.523487][ T34] usb 7-1: SerialNumber: syz [ 66.524609][ T29] usb 5-1: USB disconnect, device number 3 [ 66.682791][ T6555] FAULT_INJECTION: forcing a failure. [ 66.682791][ T6555] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 66.687870][ T6555] CPU: 1 UID: 0 PID: 6555 Comm: syz.1.214 Not tainted syzkaller #0 PREEMPT(full) [ 66.687895][ T6555] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 66.687905][ T6555] Call Trace: [ 66.687912][ T6555] [ 66.687920][ T6555] dump_stack_lvl+0x100/0x190 [ 66.687952][ T6555] should_fail_ex.cold+0x5/0xa [ 66.687975][ T6555] _copy_from_user+0x2e/0xd0 [ 66.687997][ T6555] copy_msghdr_from_user+0x9f/0x4f0 [ 66.688027][ T6555] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 66.688056][ T6555] ___sys_sendmsg+0x106/0x1e0 [ 66.688075][ T6555] ? __pfx____sys_sendmsg+0x10/0x10 [ 66.688120][ T6555] __sys_sendmsg+0x170/0x220 [ 66.688143][ T6555] ? __pfx___sys_sendmsg+0x10/0x10 [ 66.688180][ T6555] do_syscall_64+0x106/0xf80 [ 66.688204][ T6555] ? clear_bhb_loop+0x40/0x90 [ 66.688229][ T6555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.688247][ T6555] RIP: 0033:0x7f4d4259c139 [ 66.688261][ T6555] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 66.688276][ T6555] RSP: 002b:00007f4d43462028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 66.688293][ T6555] RAX: ffffffffffffffda RBX: 00007f4d42815fa0 RCX: 00007f4d4259c139 [ 66.688304][ T6555] RDX: 0000000000008000 RSI: 0000200000000440 RDI: 0000000000000003 [ 66.688314][ T6555] RBP: 00007f4d43462090 R08: 0000000000000000 R09: 0000000000000000 [ 66.688325][ T6555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 66.688335][ T6555] R13: 00007f4d42816038 R14: 00007f4d42815fa0 R15: 00007ffec513c0a8 [ 66.688358][ T6555] [ 66.943337][ T34] cdc_ncm 7-1:1.0: bind() failure [ 66.949318][ T34] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found [ 66.952506][ T34] cdc_ncm 7-1:1.1: bind() failure [ 66.959601][ T34] usb 7-1: USB disconnect, device number 2 [ 67.243326][ T6573] syz1: rxe_newlink: already configured on syz_tun [ 67.288883][ T6577] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00aa with DS=0x71 [ 67.301562][ T6577] __nla_validate_parse: 3 callbacks suppressed [ 67.301593][ T6577] netlink: 8 bytes leftover after parsing attributes in process `syz.0.224'. [ 67.608665][ T53] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 67.647538][ T6606] sg_write: data in/out 63015/14 bytes for SCSI command 0x0-- guessing data in; [ 67.647538][ T6606] program syz.3.231 not setting count and/or reply_len properly [ 67.674289][ T6606] (syz.3.231,6606,3):ocfs2_get_sector:1714 ERROR: status = -5 [ 67.674293][ T6608] netlink: 36 bytes leftover after parsing attributes in process `syz.1.233'. [ 67.674320][ T6606] (syz.3.231,6606,3):ocfs2_sb_probe:753 ERROR: status = -5 [ 67.685938][ T6606] (syz.3.231,6606,3):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 67.689205][ T6606] (syz.3.231,6606,3):ocfs2_fill_super:1177 ERROR: status = -5 [ 67.763111][ T5929] Bluetooth: hci1: hardware error 0x01 [ 67.766341][ T53] usb 5-1: Using ep0 maxpacket: 8 [ 67.774545][ T53] usb 5-1: config 0 has no interfaces? [ 67.777550][ T53] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 67.781612][ T53] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.791207][ T53] usb 5-1: config 0 descriptor?? [ 67.813633][ T6619] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 67.816818][ T6619] rdma_rxe: rxe_newlink: failed to add syz_tun [ 67.894129][ T6627] trusted_key: encrypted_key: insufficient parameters specified [ 67.899255][ T6627] trusted_key: encrypted_key: master key parameter 'dafault' is invalid [ 67.902444][ T6627] IPv6: NLM_F_CREATE should be specified when creating new route [ 67.945872][ T6635] netlink: 'syz.3.244': attribute type 11 has an invalid length. [ 67.949522][ T6635] netlink: 'syz.3.244': attribute type 11 has an invalid length. [ 67.952089][ T6635] netlink: 224 bytes leftover after parsing attributes in process `syz.3.244'. [ 68.020990][ T34] usb 5-1: USB disconnect, device number 4 [ 68.175451][ T830] IPVS: starting estimator thread 0... [ 68.180647][ T6659] tipc: Started in network mode [ 68.182325][ T6659] tipc: Node identity ac1414aa, cluster identity 4711 [ 68.185452][ T6659] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 68.188805][ T6659] tipc: Enabled bearer , priority 10 [ 68.266543][ T6660] IPVS: using max 45 ests per chain, 108000 per kthread [ 68.317319][ C3] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 68.435984][ T6680] netlink: 'syz.2.257': attribute type 1 has an invalid length. [ 68.456281][ C3] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 68.540432][ T6680] bond2: (slave geneve2): making interface the new active one [ 68.543824][ T6680] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 68.547232][ T618] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 68.553343][ T618] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 68.558252][ T618] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 68.562008][ T618] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 68.596270][ C3] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 68.608325][ T6684] Sensor A: ================= START STATUS ================= [ 68.611593][ T6684] Sensor A: Test Pattern: 75% Colorbar [ 68.614796][ T6684] Sensor A: Show Information: All [ 68.617171][ T6684] Sensor A: Vertical Flip: false [ 68.619377][ T6684] Sensor A: Horizontal Flip: false [ 68.622283][ T6684] Sensor A: Brightness: 128 [ 68.625180][ T6684] Sensor A: Contrast: 128 [ 68.629337][ T6684] Sensor A: Hue: 0 [ 68.631090][ T6684] Sensor A: Saturation: 128 [ 68.633073][ T6684] Sensor A: ================== END STATUS ================== [ 68.736362][ C3] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 68.758843][ T6692] netlink: 12 bytes leftover after parsing attributes in process `syz.0.262'. [ 68.791810][ T6696] tmpfs: Unknown parameter 'gpquota_block_hardlimit' [ 68.794959][ T6696] IPVS: set_ctl: invalid protocol: 135 172.20.20.170:20002 [ 68.833104][ T6698] rdma_rxe: rxe_newlink: failed to add syz_tun [ 68.861374][ T6700] FAULT_INJECTION: forcing a failure. [ 68.861374][ T6700] name failslab, interval 1, probability 0, space 0, times 0 [ 68.866674][ T6700] CPU: 2 UID: 0 PID: 6700 Comm: syz.2.266 Not tainted syzkaller #0 PREEMPT(full) [ 68.866697][ T6700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 68.866708][ T6700] Call Trace: [ 68.866714][ T6700] [ 68.866721][ T6700] dump_stack_lvl+0x100/0x190 [ 68.866753][ T6700] should_fail_ex.cold+0x5/0xa [ 68.866776][ T6700] should_failslab+0xc2/0x120 [ 68.866802][ T6700] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 68.866823][ T6700] ? __alloc_skb+0x140/0x710 [ 68.866849][ T6700] __alloc_skb+0x140/0x710 [ 68.866869][ T6700] ? __alloc_skb+0x5b7/0x710 [ 68.866889][ T6700] ? __pfx___alloc_skb+0x10/0x10 [ 68.866909][ T6700] ? up_write+0x290/0x4f0 [ 68.866932][ T6700] alloc_skb_with_frags+0xe0/0x810 [ 68.866964][ T6700] sock_alloc_send_pskb+0x801/0x980 [ 68.866985][ T6700] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 68.867014][ T6700] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 68.867034][ T6700] ? find_held_lock+0x2b/0x80 [ 68.867053][ T6700] ? dev_get_by_index+0x180/0x380 [ 68.867081][ T6700] ? dev_get_by_index+0x180/0x380 [ 68.867109][ T6700] packet_sendmsg+0x20e0/0x53c0 [ 68.867131][ T6700] ? avc_has_perm+0x120/0x1e0 [ 68.867158][ T6700] ? __lock_acquire+0x4a5/0x2630 [ 68.867188][ T6700] ? sock_has_perm+0x258/0x2f0 [ 68.867212][ T6700] ? __pfx_sock_has_perm+0x10/0x10 [ 68.867238][ T6700] ? __pfx_packet_sendmsg+0x10/0x10 [ 68.867271][ T6700] ____sys_sendmsg+0xa54/0xc30 [ 68.867301][ T6700] ? __pfx_____sys_sendmsg+0x10/0x10 [ 68.867338][ T6700] ___sys_sendmsg+0x190/0x1e0 [ 68.867358][ T6700] ? __pfx____sys_sendmsg+0x10/0x10 [ 68.867404][ T6700] __sys_sendmsg+0x170/0x220 [ 68.867428][ T6700] ? __pfx___sys_sendmsg+0x10/0x10 [ 68.867466][ T6700] do_syscall_64+0x106/0xf80 [ 68.867491][ T6700] ? clear_bhb_loop+0x40/0x90 [ 68.867512][ T6700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.867530][ T6700] RIP: 0033:0x7f301c19c139 [ 68.867545][ T6700] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 68.867561][ T6700] RSP: 002b:00007f301d0af028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 68.867577][ T6700] RAX: ffffffffffffffda RBX: 00007f301c415fa0 RCX: 00007f301c19c139 [ 68.867588][ T6700] RDX: 0000000000008000 RSI: 0000200000000440 RDI: 0000000000000003 [ 68.867598][ T6700] RBP: 00007f301d0af090 R08: 0000000000000000 R09: 0000000000000000 [ 68.867608][ T6700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 68.867618][ T6700] R13: 00007f301c416038 R14: 00007f301c415fa0 R15: 00007ffdc740a888 [ 68.867654][ T6700] [ 68.876324][ C3] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 68.988371][ T6706] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00aa with DS=0x71 [ 69.000087][ T6706] netlink: 8 bytes leftover after parsing attributes in process `syz.2.269'. [ 69.026289][ C3] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 69.095951][ T5927] Bluetooth: hci1: unexpected event 0x2f length: 509 > 260 [ 69.153374][ T6716] overlayfs: upper fs does not support file handles, falling back to index=off. [ 69.178012][ T830] tipc: Node number set to 2886997162 [ 69.199769][ T6723] FAULT_INJECTION: forcing a failure. [ 69.199769][ T6723] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 69.205194][ T6723] CPU: 2 UID: 0 PID: 6723 Comm: syz.3.276 Not tainted syzkaller #0 PREEMPT(full) [ 69.205218][ T6723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 69.205227][ T6723] Call Trace: [ 69.205235][ T6723] [ 69.205242][ T6723] dump_stack_lvl+0x100/0x190 [ 69.205270][ T6723] should_fail_ex.cold+0x5/0xa [ 69.205297][ T6723] _copy_from_user+0x2e/0xd0 [ 69.205319][ T6723] do_sys_poll+0x345/0xeb0 [ 69.205340][ T6723] ? bpf_ksym_find+0x128/0x1c0 [ 69.205361][ T6723] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 69.205376][ T6723] ? is_bpf_text_address+0x94/0x1a0 [ 69.205390][ T6723] ? kernel_text_address+0x8d/0x100 [ 69.205402][ T6723] ? __pfx_do_sys_poll+0x10/0x10 [ 69.205416][ T6723] ? arch_stack_walk+0xa6/0xf0 [ 69.205461][ T6723] ? __mutex_unlock_slowpath+0x15c/0x790 [ 69.205478][ T6723] ? __fget_files+0x215/0x3d0 [ 69.205492][ T6723] ? set_user_sigmask+0x1e1/0x270 [ 69.205503][ T6723] ? __pfx_set_user_sigmask+0x10/0x10 [ 69.205517][ T6723] __x64_sys_ppoll+0x2b5/0x350 [ 69.205535][ T6723] ? __pfx___x64_sys_ppoll+0x10/0x10 [ 69.205550][ T6723] ? ksys_write+0x1ac/0x250 [ 69.205563][ T6723] ? __pfx_ksys_write+0x10/0x10 [ 69.205581][ T6723] do_syscall_64+0x106/0xf80 [ 69.205595][ T6723] ? clear_bhb_loop+0x40/0x90 [ 69.205609][ T6723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.205619][ T6723] RIP: 0033:0x7ffac639c139 [ 69.205629][ T6723] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 69.205639][ T6723] RSP: 002b:00007ffac71bb028 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 69.205650][ T6723] RAX: ffffffffffffffda RBX: 00007ffac6615fa0 RCX: 00007ffac639c139 [ 69.205656][ T6723] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0 [ 69.205663][ T6723] RBP: 00007ffac71bb090 R08: 0000000000000000 R09: 0000000000000000 [ 69.205668][ T6723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 69.205674][ T6723] R13: 00007ffac6616038 R14: 00007ffac6615fa0 R15: 00007ffc621f48a8 [ 69.205686][ T6723] [ 69.316275][ C3] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 69.316911][ T6726] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00aa with DS=0x71 [ 69.328515][ T6726] netlink: 8 bytes leftover after parsing attributes in process `syz.3.278'. [ 69.337273][ T6728] netlink: 9 bytes leftover after parsing attributes in process `syz.2.279'. [ 69.370926][ T6731] FAULT_INJECTION: forcing a failure. [ 69.370926][ T6731] name failslab, interval 1, probability 0, space 0, times 0 [ 69.375556][ T6731] CPU: 1 UID: 0 PID: 6731 Comm: syz.3.281 Not tainted syzkaller #0 PREEMPT(full) [ 69.375572][ T6731] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 69.375578][ T6731] Call Trace: [ 69.375583][ T6731] [ 69.375587][ T6731] dump_stack_lvl+0x100/0x190 [ 69.375608][ T6731] should_fail_ex.cold+0x5/0xa [ 69.375623][ T6731] should_failslab+0xc2/0x120 [ 69.375639][ T6731] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 69.375653][ T6731] ? security_context_to_sid_core+0x7b8/0x870 [ 69.375674][ T6731] kstrdup+0x51/0xe0 [ 69.375688][ T6731] security_context_to_sid_core+0x7b8/0x870 [ 69.375707][ T6731] ? __pfx_security_context_to_sid_core+0x10/0x10 [ 69.375733][ T6731] inode_doinit_use_xattr+0x105/0x330 [ 69.375749][ T6731] inode_doinit_with_dentry+0xb60/0x1320 [ 69.375769][ T6731] ? __pfx_inode_doinit_with_dentry+0x10/0x10 [ 69.375789][ T6731] ? __pfx_ovl_get_inode+0x10/0x10 [ 69.375801][ T6731] selinux_d_instantiate+0x26/0x40 [ 69.375818][ T6731] security_d_instantiate+0x14c/0x1b0 [ 69.375832][ T6731] d_instantiate+0x5e/0xb0 [ 69.375844][ T6731] ovl_instantiate+0x1be/0x2a0 [ 69.375856][ T6731] ? ovl_copyattr+0x44a/0x590 [ 69.375872][ T6731] ? __pfx_ovl_instantiate+0x10/0x10 [ 69.375885][ T6731] ? __pfx_ovl_copyattr+0x10/0x10 [ 69.375906][ T6731] ovl_create_upper+0x2d4/0x5b0 [ 69.375922][ T6731] ovl_create_or_link+0x321/0x390 [ 69.375937][ T6731] ovl_create_object+0x2bf/0x3b0 [ 69.375951][ T6731] ? __pfx_ovl_create_object+0x10/0x10 [ 69.375966][ T6731] ? inode_permission+0x374/0x620 [ 69.375981][ T6731] ovl_mkdir+0x2a/0x40 [ 69.375994][ T6731] vfs_mkdir+0x361/0x850 [ 69.376008][ T6731] filename_mkdirat+0x48b/0x5e0 [ 69.376027][ T6731] ? __pfx_filename_mkdirat+0x10/0x10 [ 69.376044][ T6731] ? strncpy_from_user+0x19d/0x2d0 [ 69.376059][ T6731] ? do_getname+0x191/0x390 [ 69.376071][ T6731] __x64_sys_mkdirat+0x89/0xc0 [ 69.376088][ T6731] do_syscall_64+0x106/0xf80 [ 69.376104][ T6731] ? clear_bhb_loop+0x40/0x90 [ 69.376116][ T6731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.376127][ T6731] RIP: 0033:0x7ffac639c139 [ 69.376137][ T6731] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 69.376147][ T6731] RSP: 002b:00007ffac71bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 69.376158][ T6731] RAX: ffffffffffffffda RBX: 00007ffac6615fa0 RCX: 00007ffac639c139 [ 69.376164][ T6731] RDX: 0000000000000000 RSI: 0000200000001dc0 RDI: ffffffffffffff9c [ 69.376170][ T6731] RBP: 00007ffac71bb090 R08: 0000000000000000 R09: 0000000000000000 [ 69.376176][ T6731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 69.376182][ T6731] R13: 00007ffac6616038 R14: 00007ffac6615fa0 R15: 00007ffc621f48a8 [ 69.376213][ T6731] [ 69.491926][ T6731] SELinux: inode_doinit_use_xattr: context_to_sid(root:object_r:user_tmpfs_t) returned 12 for dev=overlay ino=542 [ 69.586289][ C3] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 69.776085][ T6749] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00aa with DS=0x71 [ 69.795220][ T6749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.290'. [ 69.809049][ T6751] FAULT_INJECTION: forcing a failure. [ 69.809049][ T6751] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 69.813063][ T6751] CPU: 2 UID: 0 PID: 6751 Comm: syz.0.288 Not tainted syzkaller #0 PREEMPT(full) [ 69.813079][ T6751] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 69.813085][ T6751] Call Trace: [ 69.813090][ T6751] [ 69.813096][ T6751] dump_stack_lvl+0x100/0x190 [ 69.813124][ T6751] should_fail_ex.cold+0x5/0xa [ 69.813145][ T6751] _copy_from_user+0x2e/0xd0 [ 69.813166][ T6751] input_event_from_user+0x123/0x310 [ 69.813192][ T6751] ? __pfx_input_event_from_user+0x10/0x10 [ 69.813215][ T6751] ? __pfx___might_resched+0x10/0x10 [ 69.813227][ T6751] ? input_inject_event+0x1c9/0x3b0 [ 69.813245][ T6751] evdev_write+0x342/0x610 [ 69.813263][ T6751] ? __pfx_evdev_write+0x10/0x10 [ 69.813280][ T6751] ? bpf_lsm_file_permission+0x9/0x10 [ 69.813295][ T6751] ? security_file_permission+0x76/0x210 [ 69.813307][ T6751] ? rw_verify_area+0xce/0x6d0 [ 69.813320][ T6751] vfs_write+0x2aa/0x1070 [ 69.813335][ T6751] ? __pfx_evdev_write+0x10/0x10 [ 69.813352][ T6751] ? __pfx_vfs_write+0x10/0x10 [ 69.813365][ T6751] ? find_held_lock+0x2b/0x80 [ 69.813378][ T6751] ? __fget_files+0x215/0x3d0 [ 69.813393][ T6751] ? __fget_files+0x215/0x3d0 [ 69.813411][ T6751] ? __fget_files+0x21f/0x3d0 [ 69.813430][ T6751] ksys_write+0x1f8/0x250 [ 69.813444][ T6751] ? __pfx_ksys_write+0x10/0x10 [ 69.813462][ T6751] do_syscall_64+0x106/0xf80 [ 69.813477][ T6751] ? clear_bhb_loop+0x40/0x90 [ 69.813490][ T6751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.813501][ T6751] RIP: 0033:0x7fb337d9c139 [ 69.813511][ T6751] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 69.813521][ T6751] RSP: 002b:00007fb338c4c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 69.813533][ T6751] RAX: ffffffffffffffda RBX: 00007fb338015fa0 RCX: 00007fb337d9c139 [ 69.813539][ T6751] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003 [ 69.813545][ T6751] RBP: 00007fb338c4c090 R08: 0000000000000000 R09: 0000000000000000 [ 69.813551][ T6751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 69.813557][ T6751] R13: 00007fb338016038 R14: 00007fb338015fa0 R15: 00007fffa11a2108 [ 69.813570][ T6751] [ 69.876309][ T5929] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 69.926635][ T5929] Bluetooth: hci1: hardware error 0x01 [ 70.018811][ T6772] netlink: 'syz.3.297': attribute type 1 has an invalid length. [ 70.022806][ T6772] netlink: 228 bytes leftover after parsing attributes in process `syz.3.297'. [ 70.084273][ T1143] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 70.126322][ C3] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 70.136421][ T6781] FAULT_INJECTION: forcing a failure. [ 70.136421][ T6781] name failslab, interval 1, probability 0, space 0, times 0 [ 70.140466][ T6781] CPU: 3 UID: 0 PID: 6781 Comm: syz.3.300 Not tainted syzkaller #0 PREEMPT(full) [ 70.140486][ T6781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 70.140494][ T6781] Call Trace: [ 70.140498][ T6781] [ 70.140502][ T6781] dump_stack_lvl+0x100/0x190 [ 70.140526][ T6781] should_fail_ex.cold+0x5/0xa [ 70.140542][ T6781] should_failslab+0xc2/0x120 [ 70.140558][ T6781] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 70.140574][ T6781] ? __alloc_skb+0x140/0x710 [ 70.140589][ T6781] __alloc_skb+0x140/0x710 [ 70.140601][ T6781] ? __alloc_skb+0x5b7/0x710 [ 70.140614][ T6781] ? __pfx___alloc_skb+0x10/0x10 [ 70.140626][ T6781] ? trace_contention_end+0x140/0x180 [ 70.140640][ T6781] nl80211_tx_mgmt+0x91b/0xf00 [ 70.140659][ T6781] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 70.140689][ T6781] ? __pfx_netdev_run_todo+0x10/0x10 [ 70.140714][ T6781] ? nl80211_pre_doit+0x19a/0xae0 [ 70.140729][ T6781] genl_family_rcv_msg_doit+0x214/0x300 [ 70.140742][ T6781] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 70.140757][ T6781] ? bpf_lsm_capable+0x9/0x10 [ 70.140772][ T6781] ? security_capable+0x80/0x260 [ 70.140787][ T6781] ? ns_capable+0xd2/0xf0 [ 70.140800][ T6781] genl_rcv_msg+0x560/0x800 [ 70.140813][ T6781] ? __pfx_genl_rcv_msg+0x10/0x10 [ 70.140823][ T6781] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 70.140835][ T6781] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 70.140850][ T6781] ? __pfx_nl80211_post_doit+0x10/0x10 [ 70.140868][ T6781] netlink_rcv_skb+0x159/0x420 [ 70.140884][ T6781] ? __pfx_genl_rcv_msg+0x10/0x10 [ 70.140895][ T6781] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 70.140916][ T6781] ? netlink_deliver_tap+0x1ae/0xcc0 [ 70.140933][ T6781] genl_rcv+0x28/0x40 [ 70.140949][ T6781] netlink_unicast+0x5aa/0x870 [ 70.140967][ T6781] ? __pfx_netlink_unicast+0x10/0x10 [ 70.140988][ T6781] netlink_sendmsg+0x8b0/0xda0 [ 70.141039][ T6781] ? __pfx_netlink_sendmsg+0x10/0x10 [ 70.141054][ T6781] ? __might_fault+0xc0/0x140 [ 70.141071][ T6781] ____sys_sendmsg+0xa54/0xc30 [ 70.141090][ T6781] ? __pfx_____sys_sendmsg+0x10/0x10 [ 70.141114][ T6781] ___sys_sendmsg+0x190/0x1e0 [ 70.141127][ T6781] ? __pfx____sys_sendmsg+0x10/0x10 [ 70.141155][ T6781] __sys_sendmsg+0x170/0x220 [ 70.141169][ T6781] ? __pfx___sys_sendmsg+0x10/0x10 [ 70.141192][ T6781] do_syscall_64+0x106/0xf80 [ 70.141207][ T6781] ? clear_bhb_loop+0x40/0x90 [ 70.141220][ T6781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.141231][ T6781] RIP: 0033:0x7ffac639c139 [ 70.141241][ T6781] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 70.141251][ T6781] RSP: 002b:00007ffac71bb028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 70.141262][ T6781] RAX: ffffffffffffffda RBX: 00007ffac6615fa0 RCX: 00007ffac639c139 [ 70.141269][ T6781] RDX: 0000000000000000 RSI: 0000200000000c00 RDI: 0000000000000003 [ 70.141275][ T6781] RBP: 00007ffac71bb090 R08: 0000000000000000 R09: 0000000000000000 [ 70.141280][ T6781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 70.141287][ T6781] R13: 00007ffac6616038 R14: 00007ffac6615fa0 R15: 00007ffc621f48a8 [ 70.141300][ T6781] [ 70.246327][ T5935] ------------[ cut here ]------------ [ 70.252550][ T5935] [CRTC:37:crtc-0] vblank wait timed out [ 70.254795][ T5935] WARNING: drivers/gpu/drm/drm_atomic_helper.c:1921 at drm_atomic_helper_wait_for_vblanks.part.0+0x738/0x8a0, CPU#2: kworker/2:3/5935 [ 70.259959][ T5935] Modules linked in: [ 70.261426][ T5935] CPU: 2 UID: 0 PID: 5935 Comm: kworker/2:3 Not tainted syzkaller #0 PREEMPT(full) [ 70.264234][ T5935] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 70.268074][ T5935] Workqueue: events drm_fb_helper_damage_work [ 70.270055][ T5935] RIP: 0010:drm_atomic_helper_wait_for_vblanks.part.0+0x73e/0x8a0 [ 70.272454][ T5935] Code: 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 0f b6 04 01 84 c0 74 08 3c 03 0f 8e 44 01 00 00 48 8d 3d c8 49 42 0b 8b b3 d8 00 00 00 <67> 48 0f b9 3a e9 e1 fc ff ff e8 23 81 66 fc e9 7c fe ff ff e8 c9 [ 70.278577][ T5935] RSP: 0018:ffffc90003d6f6f0 EFLAGS: 00010246 [ 70.280586][ T5935] RAX: 0000000000000000 RBX: ffff888103ae0040 RCX: 1ffff1102075c023 [ 70.283263][ T5935] RDX: ffff888027a6f800 RSI: 0000000000000025 RDI: ffffffff90e462b0 [ 70.286077][ T5935] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 [ 70.288945][ T5935] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 70.291500][ T5935] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888026ad2300 [ 70.294032][ T5935] FS: 0000000000000000(0000) GS:ffff8880d654d000(0000) knlGS:0000000000000000 [ 70.297606][ T5935] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.299757][ T5935] CR2: 000000110c324beb CR3: 000000002c667000 CR4: 0000000000352ef0 [ 70.302303][ T5935] Call Trace: [ 70.303361][ T5935] [ 70.304347][ T5935] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10 [ 70.307186][ T5935] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 70.309014][ T5935] ? lockdep_hardirqs_on+0x78/0x100 [ 70.310732][ T5935] ? __pfx_autoremove_wake_function+0x10/0x10 [ 70.312715][ T5935] ? drm_atomic_helper_commit_hw_done+0x36d/0x490 [ 70.315046][ T5935] drm_atomic_helper_commit_tail+0xff/0x130 [ 70.317262][ T5935] commit_tail+0x338/0x430 [ 70.318678][ T5935] drm_atomic_helper_commit+0x303/0x380 [ 70.320338][ T5935] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 70.322272][ T5935] drm_atomic_commit+0x230/0x300 [ 70.323795][ T5935] ? __pfx_drm_atomic_commit+0x10/0x10 [ 70.325559][ T5935] ? __pfx___drm_printfn_info+0x10/0x10 [ 70.327548][ T5935] ? modeset_lock+0x114/0x6d0 [ 70.329114][ T5935] drm_atomic_helper_dirtyfb+0x603/0x790 [ 70.330966][ T5935] ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10 [ 70.332921][ T5935] ? do_raw_spin_lock+0x128/0x260 [ 70.334561][ T5935] ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10 [ 70.337014][ T5935] drm_fbdev_shmem_helper_fb_dirty+0x1cc/0x310 [ 70.339049][ T5935] drm_fb_helper_damage_work+0x348/0x640 [ 70.341419][ T5935] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 70.343893][ T5935] ? rcu_is_watching+0x12/0xc0 [ 70.345847][ T5935] process_one_work+0x9d7/0x1920 [ 70.348123][ T5935] ? __pfx_process_one_work+0x10/0x10 [ 70.350350][ T5935] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 70.352508][ T5935] worker_thread+0x5da/0xe40 [ 70.354235][ T5935] ? __pfx_worker_thread+0x10/0x10 [ 70.356364][ T5935] ? kthread+0x13a/0x450 [ 70.358078][ T5935] ? __pfx_worker_thread+0x10/0x10 [ 70.360169][ T5935] kthread+0x370/0x450 [ 70.361818][ T5935] ? __pfx_kthread+0x10/0x10 [ 70.363657][ T5935] ret_from_fork+0x754/0xd80 [ 70.365109][ T5935] ? __pfx_ret_from_fork+0x10/0x10 [ 70.367157][ T5935] ? __switch_to+0x7b4/0x1120 [ 70.369077][ T5935] ? __pfx_kthread+0x10/0x10 [ 70.370798][ T5935] ret_from_fork_asm+0x1a/0x30 [ 70.372272][ T5935] [ 70.373458][ T5935] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 70.376364][ T5935] CPU: 2 UID: 0 PID: 5935 Comm: kworker/2:3 Not tainted syzkaller #0 PREEMPT(full) [ 70.379672][ T5935] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 70.383550][ T5935] Workqueue: events drm_fb_helper_damage_work [ 70.386027][ T5935] Call Trace: [ 70.387524][ T5935] [ 70.388752][ T5935] dump_stack_lvl+0x100/0x190 [ 70.390531][ T5935] vpanic+0x552/0x970 [ 70.391891][ T5935] ? __pfx_vpanic+0x10/0x10 [ 70.393738][ T5935] panic+0xd1/0xe0 [ 70.394950][ T5935] ? __pfx_panic+0x10/0x10 [ 70.396397][ T5935] ? check_panic_on_warn+0x1f/0x90 [ 70.398094][ T5935] check_panic_on_warn.cold+0x19/0x34 [ 70.399841][ T5935] ? drm_atomic_helper_wait_for_vblanks.part.0+0x738/0x8a0 [ 70.402163][ T5935] __warn.cold+0x191/0x348 [ 70.403581][ T5935] __report_bug+0x296/0x3d0 [ 70.404870][ T5935] ? drm_atomic_helper_wait_for_vblanks.part.0+0x738/0x8a0 [ 70.407248][ T5935] ? __pfx___report_bug+0x10/0x10 [ 70.409074][ T5935] ? lockdep_hardirqs_on+0x78/0x100 [ 70.410829][ T5935] report_bug_entry+0xe1/0x290 [ 70.412389][ T5935] ? drm_atomic_helper_wait_for_vblanks.part.0+0x73e/0x8a0 [ 70.414637][ T5935] handle_bug+0x1c9/0x2a0 [ 70.415959][ T5935] exc_invalid_op+0x17/0x50 [ 70.417392][ T5935] asm_exc_invalid_op+0x1a/0x20 [ 70.418985][ T5935] RIP: 0010:drm_atomic_helper_wait_for_vblanks.part.0+0x73e/0x8a0 [ 70.421593][ T5935] Code: 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 0f b6 04 01 84 c0 74 08 3c 03 0f 8e 44 01 00 00 48 8d 3d c8 49 42 0b 8b b3 d8 00 00 00 <67> 48 0f b9 3a e9 e1 fc ff ff e8 23 81 66 fc e9 7c fe ff ff e8 c9 [ 70.427754][ T5935] RSP: 0018:ffffc90003d6f6f0 EFLAGS: 00010246 [ 70.430005][ T5935] RAX: 0000000000000000 RBX: ffff888103ae0040 RCX: 1ffff1102075c023 [ 70.432495][ T5935] RDX: ffff888027a6f800 RSI: 0000000000000025 RDI: ffffffff90e462b0 [ 70.434860][ T5935] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 [ 70.437252][ T5935] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 70.439652][ T5935] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888026ad2300 [ 70.442112][ T5935] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10 [ 70.444396][ T5935] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 70.446444][ T5935] ? lockdep_hardirqs_on+0x78/0x100 [ 70.448048][ T5935] ? __pfx_autoremove_wake_function+0x10/0x10 [ 70.449989][ T5935] ? drm_atomic_helper_commit_hw_done+0x36d/0x490 [ 70.452034][ T5935] drm_atomic_helper_commit_tail+0xff/0x130 [ 70.453862][ T5935] commit_tail+0x338/0x430 [ 70.455327][ T5935] drm_atomic_helper_commit+0x303/0x380 [ 70.456979][ T5935] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 70.458895][ T5935] drm_atomic_commit+0x230/0x300 [ 70.460546][ T5935] ? __pfx_drm_atomic_commit+0x10/0x10 [ 70.462259][ T5935] ? __pfx___drm_printfn_info+0x10/0x10 [ 70.464001][ T5935] ? modeset_lock+0x114/0x6d0 [ 70.465557][ T5935] drm_atomic_helper_dirtyfb+0x603/0x790 [ 70.467253][ T5935] ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10 [ 70.469160][ T5935] ? do_raw_spin_lock+0x128/0x260 [ 70.470773][ T5935] ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10 [ 70.472700][ T5935] drm_fbdev_shmem_helper_fb_dirty+0x1cc/0x310 [ 70.474618][ T5935] drm_fb_helper_damage_work+0x348/0x640 [ 70.476339][ T5935] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 70.478177][ T5935] ? rcu_is_watching+0x12/0xc0 [ 70.479723][ T5935] process_one_work+0x9d7/0x1920 [ 70.481358][ T5935] ? __pfx_process_one_work+0x10/0x10 [ 70.483054][ T5935] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 70.485047][ T5935] worker_thread+0x5da/0xe40 [ 70.486532][ T5935] ? __pfx_worker_thread+0x10/0x10 [ 70.488170][ T5935] ? kthread+0x13a/0x450 [ 70.489559][ T5935] ? __pfx_worker_thread+0x10/0x10 [ 70.491297][ T5935] kthread+0x370/0x450 [ 70.492628][ T5935] ? __pfx_kthread+0x10/0x10 [ 70.494132][ T5935] ret_from_fork+0x754/0xd80 [ 70.495684][ T5935] ? __pfx_ret_from_fork+0x10/0x10 [ 70.497355][ T5935] ? __switch_to+0x7b4/0x1120 [ 70.498857][ T5935] ? __pfx_kthread+0x10/0x10 [ 70.500398][ T5935] ret_from_fork_asm+0x1a/0x30 [ 70.502044][ T5935] [ 70.503820][ T5935] Kernel Offset: disabled [ 70.505387][ T5935] Rebooting in 86400 seconds..